Closed
Bug 813464
Opened 12 years ago
Closed 12 years ago
Mozilla website (mozilla.org) should use HTTPS by default
Categories
(www.mozilla.org :: General, defect)
www.mozilla.org
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 796109
People
(Reporter: chris, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Steps to reproduce:
Although www.mozilla.org can be delivered via HTTPS, this is not the default.
Consumers who download Firefox from the first time are thus vulnerable to a man in the middle attack (from a government, their ISP or some other party) that can be used to deliver a non-authentic Mozilla binary.
Per a suggestion from The Dark Tangent (https://twitter.com/thedarktangent/status/270655772030033920), it would be a good idea for the entire download path, from initial entry at www.mozilla.org to the download of the browser, to go over HTTPS.
It also looks like Google already does this for Chrome.
Updated•12 years ago
|
Component: Web Site → General
Product: Mozilla Services → www.mozilla.org
Comment 1•12 years ago
|
||
This is already in the works
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Comment 2•12 years ago
|
||
It's been a long time coming, bug 796109 is the remaining piece for bug 358384
You need to log in
before you can comment on or make changes to this bug.
Description
•