Closed
Bug 122487
Opened 23 years ago
Closed 23 years ago
Lock icon stays on even when you're no longer on secure page, if you use tabs
Categories
(Core :: Security, defect)
VERIFIED DUPLICATE of bug 101723
People
(Reporter: dan, Assigned: security-bugs)
Details
Go to a secure (https:) page. Note that the lock icon in the lower right corner
is shown as locked and is highlighted in yellow, and the Page Info section shows
security information for the page. This is as it should be.
Now open another page (non-secure, e.g. http:) in a new tab in the same window.
You'll note that the lock icon still shows as locked incorrectly, even though
the current active page is not secure. Viewing Page Info still shows the info
(both security and other) for the secure page, not the current tab.
Now close the secure page's tab while leaving the other tab still open. You'll
see that the lock icon is still locked, even though no secure page is even open
any more. Now the page info section shows correct info for the current tab,
with the exception of the security section: that shows a bizarre mixture of info
from the original secure page and the current (non-secure) one. In particular,
it claims that there's a verified certificate in the name of the domain of the
*current* (non-secure) page, with the authority and encryption grade of the
certificate of the secure page you were recently on.
This is a serious bug, as it can cause people to improperly trust nonsecure
pages. It may even be conceivable that this could be intentionally exploited in
some way by scam artists, if they can somehow manipulate you into opening their
site soon after going to a trusted secure site, thus resulting in a bogus
showing of a nonexistent verified certificate on the scam site.
(I'm using build 2002012803 in Win98.)
Comment 1•23 years ago
*** This bug has been marked as a duplicate of 101723 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
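
The three steps in the report, replayed against a simplified model. This is an added example, not part of the original report and not Mozilla code. All class and function names are hypothetical, the sample hosts and certificate are constructed, and the window-wide cached state in the first class is an assumption chosen to reproduce the reported symptoms, not a statement of the actual cause.

```javascript
// Simplified model, constructed for illustration (not Mozilla code).
// Each tab records the security state of its own document.
class Tab {
  constructor(url, cert = null) {
    this.url = new URL(url);
    // A certificate only counts when the document was loaded over https.
    this.cert = this.url.protocol === "https:" ? cert : null;
  }
}

// Assumed faulty design: one security state per window, written when a
// secure page loads and never refreshed on tab switch or tab close.
class WindowScopedIndicator {
  constructor() { this.tabs = []; this.selected = null; this.cert = null; }
  open(tab) {
    this.tabs.push(tab);
    this.selected = tab;
    if (tab.cert) this.cert = tab.cert; // goes stale for every later tab
  }
  close(tab) {
    this.tabs = this.tabs.filter(t => t !== tab);
    if (this.selected === tab) this.selected = this.tabs.at(-1) ?? null;
  }
  locked() { return this.cert !== null; }
  pageInfo() { // mixes the current tab's host with the cached certificate
    if (!this.cert || !this.selected) return null;
    return { host: this.selected.url.hostname, issuer: this.cert.issuer };
  }
}

// Corrected design: nothing is cached; the indicator and Page Info are
// derived from the selected tab every time they are read.
class TabScopedIndicator extends WindowScopedIndicator {
  open(tab) { this.tabs.push(tab); this.selected = tab; }
  locked() { return this.selected?.cert != null; }
  pageInfo() {
    const t = this.selected;
    return t?.cert ? { host: t.url.hostname, issuer: t.cert.issuer } : null;
  }
}

// Replays the report: secure page, then an http tab, then close the secure tab.
function replay(Indicator) {
  const w = new Indicator();
  const secure = new Tab("https://bank.example/", { issuer: "Example CA" });
  w.open(secure);
  const step1 = w.locked();
  w.open(new Tab("http://other.example/"));
  const step2 = w.locked();
  w.close(secure);
  return { step1, step2, step3: w.locked(), info: w.pageInfo() };
}
```

A regression test for this class of bug asserts on the indicator after every tab open, switch and close, not only after page load.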