Open Bug 995666 Opened 10 years ago Updated 2 years ago

Firefox loads from cache a page whose SSL certificate has been revoked

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
28 Branch
Platform:
x86_64
Windows 7
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: adam, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release)
Build ID: 20140314220517

Steps to reproduce:

1.  Visited Cloudflare's Heartbleed Challenge web site before its certificate was revoked.
2.  From a tab that already had a page loaded, went directly to http://www.cloudflarechallenge.com/heartbleed
3.  Saw revoked certificate warning.
4.  Pressed back button to return to previous page.
5.  Pressed forward button.


Actual results:

After pressing the forward button, Firefox loaded the page from the disk cache.


Expected results:

Firefox should have displayed the certificate revocation warning again.

This behavior is not reproduceable from a new, empty tab.  It requires having a page to go Back to so that you can go Forward to the page in question.

After clearing the disk cache, the bug was no longer reproduceable.
Component: Untriaged → Security
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.