Closed Bug 1339905 Opened 8 years ago Closed 8 years ago

Self signed certificate of different name referenced in webapge is not able to be authorized (manual import required)

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
51 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 991313

People

(Reporter: dsea11, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170125094131

Steps to reproduce:

Have two webpages with self signed certificates, the first is the website you browse to, second is referenced by the first since the other certificate wasn't imported when adding the exception it prompted again for invalid certificate.


Actual results:

When the first exception was added the second certificate error popped up when the page was reloaded, this time it was not allowed to give an exception.


Expected results:

The second certificate should have the first result as the first even though it is not matching the URL in the browser bar, it should still allow the exception to be added without having to manually export and import the certificate in order to work.
OS: Unspecified → Windows 10
Priority: -- → P4
Hardware: Unspecified → All
STR:
1. Open the https://untrusted-root.badssl.com/ and adding the exception to browse.
2. Add the <iframe src="https://self-signed.badssl.com/"></iframe> to the page through DevTools - Inspector.
3. Click the Advanced button, the Add Exception... button is not appear.
Status: UNCONFIRMED → NEW
Has STR: --- → yes
Component: Untriaged → Security
Ever confirmed: true
OS: Windows 10 → All
Priority: P4 → --
This is intentional to prevent click-jacking attacks. The messaging could be improved (or added, really).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.