Go to a secure (https:) page. Note that the lock icon in the lower right corner is shown as locked and is highlighted in yellow, and the Page Info section shows security information for the page. This is as it should be. Now open another page (non-secure, e.g. http:) in a new tab in the same window. You'll note that the lock icon still shows as locked incorrectly, even though the current active page is not secure. Viewing Page Info still shows the info (both security and other) for the secure page, not the current tab. Now close the secure page's tab while leaving the other tab still open. You'll see that the lock icon is still locked, even though no secure page is even open any more. Now the page info section shows correct info for the current tab, with the exception of the security section: that shows a bizarre mixture of info from the original secure page and the current (non-secure) one. In particular, it claims that there's a verified certificate in the name of the domain of the *current* (non-secure) page, with the authority and encryption grade of the certificate of the secure page you were recently on. This is a serious bug, as it can cause people to improperly trust nonsecure pages. It may even be conceivable that this could be intentionally exploited in some way by scam artists, if they can somehow manipulate you into opening their site soon after going to a trusted secure site, thus resulting in a bogus showing of a nonexistent verified certificate on the scam site. (I'm using build 2002012803 in Win98.)

*** This bug has been marked as a duplicate of 101723 ***

verifying