Closed
Bug 993103
Opened 11 years ago
Closed 9 years ago
No warning displayed when a HTTPS page load a component with a bad certificate
Categories
(Core :: Security: PSM, enhancement)
Tracking
()
RESOLVED
DUPLICATE
of bug 783299
People
(Reporter: solarus, Unassigned)
Details
Attachments
(1 file)
|
62.07 KB,
image/png
|
Details |
bug firefox invalidHTTPS-1.png
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release)
Build ID: 20140317233501
Steps to reproduce:
When a HTTPS page loads an unsecured HTTP component (as JavaScripts or images), Firefox displays an alert for "mixed-content" and block the object.
But when a HTTPS page with a valid certificate (signed by a good CA) loads a component with a bad certificate (bad CA, or other errors), the component is blocked, but Firefox displays no alert about that.
You can test with my blog https://ultrawaves.fr/blog which is signed by Gandi a valid CA, it loads a file https://piwik.ultrawaves.fr/piwik.js , which is signed by CACert.
If you don't trust the CACert root, you will have a error when reaching https://piwik.ultrawaves.fr, but you will not when displaying a page with the .js coming from here.
Expected results:
I think that Firefox should display a warning when a invalid HTTPS content is loaded by a valid HTTPS page, as it does for plain HTTP content.
Chrome don't do that it but IE 8 does.
|
||
Updated•11 years ago
|
Component: Untriaged → Security
|
||
Comment 1•9 years ago
|
||
Since I am triaging DOM:Security bugs at the moment I cam across this bug. Not sure if it's still an issue. Definitely misclassified within DOM:Security.
Component: DOM: Security → Security
|
||
Comment 2•9 years ago
|
||
Thanks for filing the report. Looks like this issue is already tracked by Bug 783299, so I'm marking this bug as a duplicate.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Component: Security → Security: PSM
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•