Closed Bug 854186 Opened 12 years ago Closed 9 years ago

Deleted temporary certificate exception doesn't revoke the exception

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: benjamin3harris, Unassigned, NeedInfo)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0 Build ID: 20130308124411 Steps to reproduce: I visited https://appsec.aarp.org/MSS/join/application?keycode=U8LX53 (aarp.org, click on the "Join" button). Firefox told me the site's certificate could not be confirmed, I said I understood the risks and added a *temporary* exception. When I opened up the list of allowed certificates, the one I just added was on the list. I then restarted Firefox, and it was removed from the list. Actual results: When I went to the same website again though, it allowed me to go through without warning me about the certificate, even though the certificate was no longer on the allowed list. Expected results: It should have brought me to the same certificate warning page. I tested this on two computers both running Firefox 19.0.2, one running Windows 7 and one on Ubuntu 13.04. I repeated the steps exactly, and the exact same problem occurred. It's worth pointing out that both Chrome and Internet Explorer did not detect this certificate problem, although networking4all.com's certificate checker verified that this certificate had a problem.
I loaded https://appsec.aarp.org/MSS/join/application?keycode=U8LX53 , added a permanent exception for the server configuration issue (missing intermediate certificate). I removed Network solutions LLC under "Servers" and in the "Authorities" tab, restarted Firefox and got the security warning again on that page.
I can confirm Comment 0 with Firefox 19 and with Firefox/22.0 ID:20130324031024 CSet: 0a10eca0c521. The Certificate is listed as "Temporary" (Lifetime/Servers Tab). * explicitly deleting Cache/Active Logins do not make a Difference * testing Private Mode does not make a Difference => the Exception Dialog is not coming back. OTOH, testing e.g. https://www.cacert.org the Add Exception Dialog comes back. => Issue is something Site-/Cert-specific?
URL: https://appsec.aarp.org/MSS/join/appl...
Component: Untriaged → Security: PSM
Product: Firefox → Core
Version: 19 Branch → Trunk
This could be a caching issue. If you shift-refresh after restarting Firefox, does it work as expected?
Flags: needinfo?(benjamin3harris)
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.