Bug#721153: iceweasel: unable to remove an ssl cert exception
Dietrich Clauss
dc2 at clauss.dyndns.org
Wed Aug 28 14:41:22 UTC 2013
Package: iceweasel
Version: 17.0.8esr-2
Severity: important
Dear Maintainer,
when storing a security exception permanently and removing it later, the
cert will disappear from the list but it still gets accepted.
To reproduce:
0. clean user, rm -r ~/.mozilla
1. Set up a https server which uses a self-signed certificate, lets call
it 'srv'
2. Start iceweasel, watch https://srv
3. iceweasel shows warning "untrusted connection"
4. Click on "Understand the risk", "Add exception", "confirm exception"
5. Exception gets stored permanently, iceweasel shows the content of
https://srv
6. Go to edit/preferences/advanced/encryption/view_certs
7. Search the cert of https://srv and "delete or distrust" it
8. Try to watch https://srv again. Iceweasel should now
show the "untrusted connection" warning again, but it doesn't. Try
to refresh the page, clean the cache or restart the browser. The
warning won't reappear.
9. Go to edit/preferences/advanced/encryption/view_certs again and look
for the cert of https://srv. It isn't there.
This may be related to bug #627552, but it also happens if the site is
not loaded from cache.
BTW: The info below was inserted by reportbug, which wasn't invoked from
within the clean user environment. The extensions BetterPrivacy and
WebDeveloper were not active. However, I could also reproduce the
problem when these extensions are active.
-- Package-specific info:
-- Extensions information
Name: Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled
Name: BetterPrivacy
Location: ${PROFILE_EXTENSIONS}/{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
Status: enabled
Name: Default theme
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: Deutsch (DE) Language Pack locale
Location: /usr/lib/iceweasel/extensions/langpack-de at iceweasel.mozilla.org.xpi
Package: iceweasel-l10n-de
Status: enabled
Name: Web Developer
Location: ${PROFILE_EXTENSIONS}/{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
Status: enabled
-- Plugins information
Name: DivX® Web Player
Location: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
Package: totem-mozilla
Status: enabled
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: enabled
Name: QuickTime Plug-in 7.6.6
Location: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
Package: totem-mozilla
Status: enabled
Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled
Name: Skype Buttons for Kopete
Location: /usr/lib/mozilla/plugins/skypebuttons.so
Package: kopete
Status: enabled
Name: VLC Multimedia Plugin (compatible Totem 3.0.1)
Location: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
Package: totem-mozilla
Status: enabled
Name: Windows Media Player Plug-in 10 (compatible; Totem)
Location: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
Package: totem-mozilla
Status: enabled
Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled
-- Addons package information
ii gnome-shell 3.4.2-12 amd64 graphical shell for the GNOME des
ii iceweasel 17.0.8esr-2 amd64 Web browser based on Firefox
ii iceweasel-l10n 1:17.0.8esr- all German language package for Icewe
ii kopete 4:4.8.4-3 amd64 instant messaging and chat applic
ii rhythmbox-plug 2.99.1-3 amd64 plugins for rhythmbox music playe
ii totem-mozilla 3.0.1-9 amd64 Totem Mozilla plugin
ii xul-ext-adbloc 2.2.3-1 all Advertisement blocking extension
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (400, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 4.4
ii fontconfig 2.10.2-2
ii libc6 2.17-92
ii libgdk-pixbuf2.0-0 2.28.2-1
ii libglib2.0-0 2.36.3-3
ii libgtk2.0-0 2.24.20-1
ii libnspr4 2:4.10-1
ii libnspr4-0d 2:4.10-1
ii libsqlite3-0 3.7.17-1
ii libstdc++6 4.8.1-2
ii procps 1:3.3.4-2
ii xulrunner-17.0 17.0.8esr-2
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
ii fonts-stix [otf-stix] 1.1.0-1
ii libgssapi-krb5-2 1.10.1+dfsg-6.1
pn mozplugger <none>
Versions of packages xulrunner-17.0 depends on:
ii libasound2 1.0.27.1-2
ii libatk1.0-0 2.8.0-2
ii libbz2-1.0 1.0.6-4
ii libc6 2.17-92
ii libcairo2 1.12.14-4
ii libdbus-1-3 1.6.12-1
ii libdbus-glib-1-2 0.100.2-1
ii libevent-2.0-5 2.0.21-stable-1
ii libfontconfig1 2.10.2-2
ii libfreetype6 2.4.9-1.1
ii libgcc1 1:4.8.1-2
ii libgdk-pixbuf2.0-0 2.28.2-1
ii libglib2.0-0 2.36.3-3
ii libgtk2.0-0 2.24.20-1
ii libhunspell-1.3-0 1.3.2-4
ii libjpeg8 8d-1
ii libmozjs17d 17.0.8esr-2
ii libnspr4 2:4.10-1
ii libnss3 2:3.15.1-1
ii libnss3-1d 2:3.15.1-1
ii libpango-1.0-0 1.32.5-5+b1
ii libpangocairo-1.0-0 1.32.5-5+b1
ii libpangoft2-1.0-0 1.32.5-5+b1
ii libpixman-1-0 0.26.0-4
ii libsqlite3-0 3.7.17-1
ii libstartup-notification0 0.12-3
ii libstdc++6 4.8.1-2
ii libvpx1 1.2.0-2
ii libx11-6 2:1.6.0-1
ii libxext6 2:1.3.2-1
ii libxrender1 1:0.9.8-1
ii libxt6 1:1.1.3-1+deb7u1
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages xulrunner-17.0 suggests:
ii libcanberra0 0.30-2
ii libgnomeui-0 2.24.5-2
-- no debconf information
More information about the pkg-mozilla-maintainers
mailing list