Closed
Bug 390321
Opened 17 years ago
Closed 15 years ago
Firefox should not show yellow url bar on page with mixed security
Categories
(Firefox :: Security, defect, P4)
Tracking
()
RESOLVED
WORKSFORME
Firefox 2
People
(Reporter: KaiE, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [sg:low spoof])
I'm marking this security sensitive, because the test case in this bug will easily reveal the other sensitive bug 358438.
Go to https://kuix.de/misc/test17/insecure-script-and-css.php
Notice that you get a mixed lock icon, because of mixed content.
Actual behaviour: Firefox shows yellow url bar.
Expected behaviour: Firefox should show a white url bar.
Note that SeaMonkey seems to do it right, it displays a white url bar.
|
||
Comment 1•17 years ago
|
||
I get a white bar on Mac using 2.0.0.5 (yeah, I need to upgrade).
|
||
Comment 2•17 years ago
|
||
I don't see the yellow bar when simply visiting that site (I do see the broken lock icon). However, if I click the link on that page, and then use the back button to go back to the original page, I do see the yellow bar. This makes me think it's due to interaction with bfcache, and I seem to recall similar bugs in the past.
|
|
||
Comment 3•17 years ago
|
||
Oh, I was thinking of bug 358438.
|
|
||
Comment 4•17 years ago
|
||
(I am testing Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a7pre) Gecko/2007073104 Minefield/3.0a7pre, for what it's worth.)
|
||
Comment 5•17 years ago
|
||
I'm seeing this bug (yellow bar appears) without any back/forward stuff, using MOZ_CO_DATE="Fri Jul 27 21:11:08 CDT 2007". I doubt anything has changed since.
Flags: blocking-firefox3?
|
Reporter | |
Comment 6•17 years ago
|
||
I get this bug with Firefox 2.0.0.5 on Linux
|
||
Updated•17 years ago
|
Flags: blocking-firefox3? → blocking-firefox3+
|
||
Updated•17 years ago
|
Target Milestone: --- → Firefox 3 M9
|
|
||
Comment 7•17 years ago
|
||
I can't reproduce with Windows or Mac trunk builds. Is this Linux-only?
|
|
||
Comment 8•17 years ago
|
||
I also don't see this on Mac. But I definitely see it on Linux. There's a good chance that this bug depends on event ordering, for what it's worth...
|
|
||
Updated•17 years ago
|
Target Milestone: Firefox 3 M9 → Firefox 3 M10
|
|
||
Updated•17 years ago
|
Target Milestone: Firefox 3 M10 → Firefox 3 M11
|
|
||
Updated•17 years ago
|
Priority: -- → P3
|
|
||
Updated•17 years ago
|
Priority: P3 → P4
|
|
||
Comment 9•17 years ago
|
||
Not blocking on this bug for final ship. Would take a safe enough patch if one comes through.
Flags: wanted-firefox3+
Flags: blocking-firefox3-
Flags: blocking-firefox3+
|
|
Reporter | |
Comment 10•17 years ago
|
||
I think this bug is Mozilla 1.8 branch / Firefox 2 - ONLY.
I don't see a need for firefox-3 flags.
|
||
Updated•16 years ago
|
Whiteboard: [sg:low spoof]
|
||
Comment 11•15 years ago
|
||
This bug seems restricted to the 2.0 release and to a UI (the yellow bar) that doesn't exist any more. I haven't seen this behaviour on 3.x on any OS, and kai's test case shows the gray Larry and the mixed content status bar padlock on linux, mac and windows. Resolving WFM.
I also think we should open it, since it was hidden to avoid disclosing another bug that has since been fixed - but I'll hold off on that for now, since the other bug hasn't been opened yet either.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
|
|
||
Updated•15 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•