Ubuntu
firefox-3.0 package

option "I'm about to view an encrypted page that contains some unencrypted information" doesn't work

Bug #421847 reported by marco.pallotta
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox-3.0 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: firefox

if you establish a SSL connection to a web page (pure html) that contains objects (for example an image) that are explicitally loaded with http protocol (so not a secure connection) from a given site firefox doesn't warn you that tha page that you loaded contains some unencrypted information. So the user has a misleading perception of his secure connection (the ssl padlock icon is closed).
This info doesn't appear even if you select the option "I'm about to view an encrypted page that contains some unencrypted information" from edit -> preferences -> security -> settings.

This issue was tested with Firefox 3.0.13 (either with Hardy or with Jaunty).
Firefox 3.5.x, from Karmic Alpha, correctly displays the warning by default and the ssl padlock icon is closed but with an exlamation mark.

So with Firefox 3.0.13 we have, with certainty, one issue related to the fact that the option "I'm about to view an encrypted page that contains some unencrypted information" doesn't work and another possible bug related to the fact that by default Firefox displays neither any warning popup (as Firefox 3.5.x does) nor any exlamation mark (or similar) with the padlock (always closed as like there were no issues in the connection). With this last issue we had to know which is the intended behavior of developers for the version 3.0.x

Revision history for this message
Micah Gersten (micahg) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. However, according to this report, you are not using the most recent version of this package (3.0.14 as of today) for your Ubuntu release. Please upgrade to the most recent version and let us know if you are still having this issue. Thanks in advance.

affects: firefox (Ubuntu) → firefox-3.0 (Ubuntu)
Changed in firefox-3.0 (Ubuntu):
status: New → Incomplete
Revision history for this message
marco.pallotta (marco-pallotta) wrote :

I think I will open this bug in upstream as it's, for me, a sort of security bug. Let's if Firefox team wants to fix this or only suggests to upgrade to the latest release.

Revision history for this message
marco.pallotta (marco-pallotta) wrote :

Micah, it seems that you should only post, into bugzilla mozilla, bug on newest firefox releases so I think I will not post it in upstream (firefox 3.5 doesn't have this issue) but I will test this on 3.0.14 as you suggested to me.

Revision history for this message
marco.pallotta (marco-pallotta) wrote :

Confirmed on 3.0.14

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for firefox-3.0 (Ubuntu) because there has been no activity for 60 days.]

Changed in firefox-3.0 (Ubuntu):
status: Incomplete → Expired
marco.pallotta (marco-pallotta)
Changed in firefox-3.0 (Ubuntu):
status: Expired → New
Revision history for this message
marco.pallotta (marco-pallotta) wrote :

Marked "fix released" as with firefox > 3.5.x (as already explained) it seems that the issue was just fixed.

Changed in firefox-3.0 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.