Browser doesn't recognize site as secure this case

VERIFIED FIXED in psm2.0

Status

Core Graveyard
Security: UI
P1
critical
VERIFIED FIXED
17 years ago
2 years ago

People

(Reporter: scalkins, Assigned: David P. Drinan)

Tracking

1.0 Branch
psm2.0

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: need sr=, need a=, URL)

Attachments

(1 attachment)

(Reporter)

Description

17 years ago
Saw this all platforms:
Win32 2001-06-21-06 trunk
Linux 2001-06-20-21 trunk
Mac 2001-06-21-08 trunk

Stesp to repro:
1)Launch browser
2)Go to http://www.etrade.com
3)Click on "Banking" tab on web page
4)Click on the yellow "Log On" button at upper left of resulting Page for
banking tab.

Actual results: The lock icon at the lower right orf the browser stays unlocked,
implying an insecure connection. Note however that the URL bar shows the
https:// in the front indicating a secure site. I am afraid to submit a password
here for this reason, so this is dogfood for this use for me!
The console seems to think it's not a secure site either, as it references the
URLs as follows using steps in test case:

Document http://www.etrade.com/ loaded successfully
Document http://www.etrade.com/cgi-bin/gx.cgi/Applogic+TBHome loaded successfull
y
Document http://www.etradebank.com/logon.cfm loaded successfully

Note that the URL bar in the browser itself shows the URL
https://trading.etrade.com/cgi-bin/gx.cgi/applogic+tbbanktobrkg?appname=loginpage
for step #4 of the test case.

Expected results: The lock icon at the lower right of the browser engages and
turns yellow to indicate a secure site
(Reporter)

Comment 1

17 years ago
Nominating nsbranch.I am afraid to do online banking at this site with NS 6 till
this is fixed.

Another Note: If I go to www.etrade.com and then click directly on the Log ON
icon before going to the Banking tab, it looks like it's seen as secure (Yellow
locked lock on browser, and correct https url seen in console as well as browser)
Keywords: nsBranch, nsdogfood
->Crypto. Lock icon problems again?
Assignee: mstoltz → ddrinan
Component: Security: General → Security: Crypto
QA Contact: ckritzer → junruh

Comment 3

17 years ago
PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Version: other → 2.0

Comment 4

17 years ago
Possibly a dup of bug 82437

Setting Target to 2.0.

Priority: -- → P1
Target Milestone: --- → 2.0
(Assignee)

Comment 5

17 years ago
The problem is a http redirect to https. The PSM lock icon state machine is 
getting confused. I'll post a patch soon.
(Assignee)

Comment 6

17 years ago
Created attachment 40048 [details] [diff] [review]
Patch. Javi, please review.

Comment 7

17 years ago
r=javi
(Assignee)

Updated

17 years ago
Whiteboard: need sr=, need a=
(Assignee)

Comment 8

17 years ago
Adding blizzard to cc-list.

Chris,

Please super-review. Also, this fix should be considered for the 0.9.2 branch 
since it fixes up a bunch of lock icon failures.

Comment 9

17 years ago
Steve, need approval for 0.9.2

Comment 10

17 years ago
sr=hyatt.

Comment 11

17 years ago
a= asa@mozilla.org for checkin to 0.9.2 branch.
(on behalf of drivers)
(Assignee)

Comment 12

17 years ago
Checked onto trunk and branch. Marking FIXED.
(Assignee)

Comment 13

17 years ago
-> FIXED.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 14

17 years ago
Verified.
Status: RESOLVED → VERIFIED

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

10 years ago
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.