Closed Bug 813464 Opened 12 years ago Closed 12 years ago

Mozilla website (mozilla.org) should use HTTPS by default

Categories

(www.mozilla.org :: General, defect)

Product:
www.mozilla.org
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 796109

People

(Reporter: chris, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 Steps to reproduce: Although www.mozilla.org can be delivered via HTTPS, this is not the default. Consumers who download Firefox from the first time are thus vulnerable to a man in the middle attack (from a government, their ISP or some other party) that can be used to deliver a non-authentic Mozilla binary. Per a suggestion from The Dark Tangent (https://twitter.com/thedarktangent/status/270655772030033920), it would be a good idea for the entire download path, from initial entry at www.mozilla.org to the download of the browser, to go over HTTPS. It also looks like Google already does this for Chrome.
Component: Web Site → General
Product: Mozilla Services → www.mozilla.org
This is already in the works
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
It's been a long time coming, bug 796109 is the remaining piece for bug 358384
You need to log in before you can comment on or make changes to this bug.