Closed Bug 83193 Opened 24 years ago Closed 24 years ago

"Back" button does not clear the "Page Info" security status.

Categories

(Core Graveyard :: Security: UI, defect, P2)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME
Milestone:
mozilla0.9.2

People

(Reporter: mozilla-bugs, Assigned: ddrinan0264)

Details

(Keywords: regression, Whiteboard: investigating)

Attachments

(1 file)

Screenshot of Mozilla claiming Bugzilla is secure
10.71 KB, image/png
Details
Reproducable: always Steps to reporduce: 1) Go to an unsecure page 2) Go to a secure page (in the same window) 3) Press "Back" 4) Open the Page Info -> security (for example, by pressing the lock sign). Expected: It tells page is insecure. Actual: It gives the security information of the secure page with the host name of the insecure page plugged into it (note that the lock is correctly displayed as broken). Build id 2001052819 on RedHat Linux 7.1
Severity: normal → critical
Keywords: correctness
I have the "moving from secure to insecure site" warning enabled and the warning did not fire upon clicking "back" button at the secure site. Moz didn't notice that you're back to an insecure site when you press "back" button. And the security info isn't updated too. Happens on Win32 platform too. (build 2001052904)
Yes, this is the same thing I see - I do not get the warning until I do something that clears the security status (for example, pressing Reload). OS => All per doctor__j's comments.
OS: Linux → All
This does not happen with build id 2001052510
Keywords: regression
I am also observing the opposite problem - pressing "Forward" and going from unsecure page to secure one makes Mozilla think (incorrectly) that it's also unsecure.
PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: --- → mozilla0.9.1
Version: other → 2.0
Confirmed with Linux Build ID 2001052908: http://bugzilla.mozilla.org/query.cgi then paste: https://store.aolshopdirect.com/stores/gx.cgi/ShoppingBasketAdd?GSStore=aoldir&PrId12828PrId=1&o_c=AOL1 then use the back button. Enter any bug id, and submit. The dialog you get is that although the page is secure, you're about to submit insecure form elements.
One interesting error that comes up consistently when going between pages is the following: ************************************************************ * Call to xpconnect wrapped JSObject produced this error: * [Exception... "'Method not implemented' when calling method: [nsIWebProgressListener::onSecurityChange]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "<unknown>" data: no] ************************************************************ Document https://www.thawte.com/ loaded successfully
I believe this error comes from the progress listener that is implemented in xpfe/browser/resources/content/nsBrowserStatusHandler.js
adding mstoltz and jband to the cc list.. any ideas on others that can help figuring this out?
Whiteboard: investigating
This bug requires some more analysis and work. After discussing this with Phil Peterson, Bob Lord and Javi, we decided to move this bug to 0.9.2. If we come up with the an acceptable solution early next week, we'll try to get it in for 0.9.1. -> mozilla0.9.2.
Target Milestone: mozilla0.9.1 → mozilla0.9.2
Works for me on 0.9.2 N6 Linux Build 2001062506. junruh: if you agree let's resolve it.
Priority: -- → P2
Worksforme on WinNT.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: