Open Bug 995666 Opened 11 years ago Updated 3 years ago

Firefox loads from cache a page whose SSL certificate has been revoked

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
28 Branch
Platform:
x86_64
Windows 7
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: adam, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release) Build ID: 20140314220517 Steps to reproduce: 1. Visited Cloudflare's Heartbleed Challenge web site before its certificate was revoked. 2. From a tab that already had a page loaded, went directly to http://www.cloudflarechallenge.com/heartbleed 3. Saw revoked certificate warning. 4. Pressed back button to return to previous page. 5. Pressed forward button. Actual results: After pressing the forward button, Firefox loaded the page from the disk cache. Expected results: Firefox should have displayed the certificate revocation warning again. This behavior is not reproduceable from a new, empty tab. It requires having a page to go Back to so that you can go Forward to the page in question. After clearing the disk cache, the bug was no longer reproduceable.
Component: Untriaged → Security
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.