Closed
Bug 1014282
Opened 11 years ago
Closed 11 years ago
ssl errors should not prompt users to "report web forgery"
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla32
People
(Reporter: mmc, Assigned: mmc)
References
Details
Attachments
(2 files, 2 obsolete files)
(deleted),
image/png
|
Details | |
(deleted),
patch
|
Margaret
:
review+
|
Details | Diff | Splinter Review |
It seems that every ssl error has the following two bullets:
* The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
The command found in the help menu is "Report Web Forgery", which leads to the Safebrowsing phish report page:
http://www.google.com/safebrowsing/report_phish/?tpl=mozilla&hl=en-US&url=https%3A%2F%2Fcloudflarechallenge.com%2F
This probably results in a ton of garbage phishing reports from Firefox to Google.
Assignee | ||
Comment 1•11 years ago
|
||
Assignee | ||
Comment 2•11 years ago
|
||
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → mmc
Status: NEW → ASSIGNED
Assignee | ||
Updated•11 years ago
|
Attachment #8426622 -
Flags: review?(margaret.leibovic)
Comment 3•11 years ago
|
||
Comment on attachment 8426622 [details] [diff] [review]
Do not direct every ssl error to 'Report Web Forgery' (
Review of attachment 8426622 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good, you just need to update the patch to rev the entity names.
::: mobile/locales/en-US/overrides/netError.dtd
@@ -124,5 @@
> </ul>
> ">
>
> <!ENTITY nssFailure2.title "Secure Connection Failed">
> <!ENTITY nssFailure2.longDesc "
You'll need to update the entity names, so that localizers will know to update thess strings. Something like nssFailure2.longDesc2 would suffice (that's why some of the other entity names have numbers at the end like this :).
@@ -127,5 @@
> <!ENTITY nssFailure2.title "Secure Connection Failed">
> <!ENTITY nssFailure2.longDesc "
> <ul>
> <li>The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.</li>
> - <li>Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.</li>
This is a good fix for Fennec, because we don't even have a help menu!
Attachment #8426622 -
Flags: review?(margaret.leibovic) → feedback+
Assignee | ||
Comment 4•11 years ago
|
||
Assignee | ||
Updated•11 years ago
|
Attachment #8426622 -
Attachment is obsolete: true
Assignee | ||
Comment 5•11 years ago
|
||
Comment on attachment 8426698 [details] [diff] [review]
Do not direct every ssl error to 'Report Web Forgery' (
Review of attachment 8426698 [details] [diff] [review]:
-----------------------------------------------------------------
I think I got them all...
http://mxr.mozilla.org/mozilla-central/search?string=nssFailure2
Attachment #8426698 -
Flags: review?(margaret.leibovic)
Assignee | ||
Comment 6•11 years ago
|
||
Comment on attachment 8426698 [details] [diff] [review]
Do not direct every ssl error to 'Report Web Forgery' (
Review of attachment 8426698 [details] [diff] [review]:
-----------------------------------------------------------------
missed one
Attachment #8426698 -
Flags: review?(margaret.leibovic)
Assignee | ||
Comment 7•11 years ago
|
||
Assignee | ||
Updated•11 years ago
|
Attachment #8426698 -
Attachment is obsolete: true
Assignee | ||
Comment 8•11 years ago
|
||
Comment on attachment 8426702 [details] [diff] [review]
Do not direct every ssl error to 'Report Web Forgery' (
Review of attachment 8426702 [details] [diff] [review]:
-----------------------------------------------------------------
One of the strings did not change, but I updated the name anyway because I'm not sure which xhtml reference which dtds.
Attachment #8426702 -
Flags: review?(margaret.leibovic)
Comment 9•11 years ago
|
||
(In reply to [:mmc] Monica Chew (please use needinfo) from comment #8)
> Comment on attachment 8426702 [details] [diff] [review]
> Do not direct every ssl error to 'Report Web Forgery' (
>
> Review of attachment 8426702 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> One of the strings did not change, but I updated the name anyway because I'm
> not sure which xhtml reference which dtds.
It's good to update all of them because the browser/mobile .dtd files override the dom .dtd file, so the same xhtml file could be pulling from either one depending on which product is being used.
This netError stuff is confusing :/
Comment 10•11 years ago
|
||
FWIW that text is a reference to the feature we removed in bug 572695.
Comment 11•11 years ago
|
||
Comment on attachment 8426702 [details] [diff] [review]
Do not direct every ssl error to 'Report Web Forgery' (
Review of attachment 8426702 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good to me.
Attachment #8426702 -
Flags: review?(margaret.leibovic) → review+
Comment 12•11 years ago
|
||
(In reply to :Gavin Sharp (email gavin@gavinsharp.com) from comment #10)
> FWIW that text is a reference to the feature we removed in bug 572695.
I wrote that patch on my first day of full-time work at Mozilla!
Assignee | ||
Comment 13•11 years ago
|
||
Wow, Gavin's hg blame fu is pretty amazing :)
https://hg.mozilla.org/integration/mozilla-inbound/rev/184d497bd84a
Comment 14•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•