[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #3815 [EFF-HTTPS Everywhere]: context menu does not work on error pages



#3815: context menu does not work on error pages
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 For instance, per this report from Micah

 When you go to a website that doesn't load and instead gives you a
 certificate browser, and then click the context menu to disable that
 rule, that website's rule doesn't appear in the list.

 Or at least, that's what happened to me when I went to torrentfreak.com
 yesterday on a freshly installed Firefox in Windows. I think
 torrentfreak.com doesn't serve the whole certificate chain and I hadn't
 cached the correct intermediary certificate, so it gave me a warning.
 When I tried disabling the rule, the TorrentFreak rule wasn't in the
 context menu, only Google Search was (which also seems strange).

 This should be easy enough to recreate on any website with an HTTPS
 Everywhere rule just by using an intercepting proxy that MITMs HTTPS and
 serves it's own certificates.</blockquote>

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3815>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs