VOOZH about

URL: https://bugzilla.mozilla.org/show_bug.cgi?id=1301772

โ‡ฑ 1301772 - Turn on Insecure Password Warning in Firefox Beta

Closed Bug 1301772 Opened 9 years ago Closed 9 years ago

Turn on Insecure Password Warning in Firefox Beta

Turn on Insecure Password Warning in Firefox Beta
Firefox
Security
47 Branch
Unspecified
Unspecified
defect
Points:
---
VERIFIED FIXED
VERIFIED
FIXED
Firefox 51
Iteration:
51.3 - Sep 19
a11y-review
Accessibility Severity
Performance Impact
Webcompat Priority
Webcompat Score
Tracking Status
firefox50 --- verified
firefox51 --- verified
Tracking Status
relnote-firefox
firefox50
firefox51
firefox-esr115
firefox-esr140
firefox-esr153
firefox152
firefox153
firefox154
---
[fxprivacy]
QA Whiteboard:
---
Has STR:
---
Change Request:
---
Bug Flags:
Signature:
None
This bug is publicly visible. 

 












 
 

 

 
 
 
 
58 bytes,
 text/x-review-board-request 

 		
 
 
florian

:
 
 review+
 

 		
 
 Details
 





 

















 
 

 

 
 

 
 Reporter
 

 
 


 

 
 

 Description
 

 โ€ข
 
9 years ago
 

 		
 


 
 


 
 
This bugs is to take the insecure password warning to Beta. It requires a couple line code change here:
https://dxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js?q=browser%2Fapp%2Fprofile%2Ffirefox.js&redirect_type=direct#1220

 
 

 

 
 

 
 Reporter
 

 
 


 

 
 

 Comment 1
 

 โ€ข
 
9 years ago
 

 		
 


 
 


 
 
It sounds like the best we can do here is get the first half of the beta release with:
#ifdef EARLY_BETA_OR_EARLIER

 
 

 

 
 

 
 Reporter
 

 
 


 

 
 

 Comment 2
 

 โ€ข
 
9 years ago
 

 		
 


 
 


 
 
If we want this to make Firefox Beta 50, we will have to land this next week and get uplift approval to aurora.

Alternatively, since this is just a pref change, we could go the hotfix route if the uplift doesn't get approved.

 

 

 
 
 
 Reporter
 
 
 

 

 
 

 Updated
 

 โ€ข
 
9 years ago
 

 		
 

 

 
Blocks: 1301775
Assignee: nobody โ†’ past
Status: NEW โ†’ ASSIGNED
Priority: -- โ†’ P1
Whiteboard: [fxprivacy][triage]
Whiteboard: [fxprivacy][triage] โ†’ [fxprivacy]

 
 

 

 
 

 
 

 
 


 

 
 

 Comment 4
 

 โ€ข
 
9 years ago
 

 		
 


 

 mozreview-review
 
 
 

 


 
 
Comment on attachment 8790202 [details]
Bug 1301772 - Turn on Insecure Password Warning in Firefox Beta.

https://reviewboard.mozilla.org/r/78126/#review76606

::: browser/app/profile/firefox.js:1223
(Diff revision 1)
> 
> // Block insecure active content on https pages
> pref("security.mixed_content.block_active_content", true);
> 
> // Show degraded UI for http pages with password fields.
> // Only for Nightly and Dev Edition for not, not for beta or release.

Please update this comment to no longer say "not for beta".

 Attachment #8790202 -
 Flags: review?(florian) โ†’ review+
Good point, thanks. It's probably a pointless comment, but I've updated it to reflect reality.

 
 

 

 
 

 
 

 
 


 

 
 

 Comment 6
 

 โ€ข
 
9 years ago
 

 		
 


 
 


 
 
Pushed by pastithas@mozilla.com:
https://hg.mozilla.org/integration/fx-team/rev/5d8afbdb3620
Turn on Insecure Password Warning in Firefox Beta. r=florian
Flags: qe-verify?
Iteration: --- โ†’ 51.3 - Sep 19

 
 

 

 
 

 
 Reporter
 

 
 


 

 
 

 Comment 7
 

 โ€ข
 
9 years ago
 

 		
 


 
 


 
 
Panos, can you request uplift to aurora? That way, the pref will be turned on for Firefox 50 Beta.
Flags: needinfo?(past)
Sure, I'm just waiting for the patch to land on m-c.
Flags: needinfo?(past)
Status: ASSIGNED โ†’ RESOLVED
Closed: 9 years ago

 status-firefox51:
 --- โ†’ fixed
Resolution: --- โ†’ FIXED
Target Milestone: --- โ†’ Firefox 51
Flags: qe-verify? โ†’ qe-verify+
Comment on attachment 8790202 [details]
Bug 1301772 - Turn on Insecure Password Warning in Firefox Beta.

Approval Request Comment
[Feature/regressing bug #]: feature from bug 1179961
[User impact if declined]: product and engineering want to get more feedback from early beta users, so we want to let this feature ride another train when 50 is merged to beta
[Describe test coverage new/current, TreeHerder]: there are automated tests for this in the tree
[Risks and why]: no risk, just a pref flip
[String/UUID change made/needed]: none

 Attachment #8790202 -
 Flags: approval-mozilla-aurora?
Comment on attachment 8790202 [details]
Bug 1301772 - Turn on Insecure Password Warning in Firefox Beta.

Makes sense, Aurora50+

 Attachment #8790202 -
 Flags: approval-mozilla-aurora? โ†’ approval-mozilla-aurora+
QA Contact: paul.silaghi
I guess this can only be verified once 50 is merged to beta.
Updated the site compatibility doc: https://www.fxsitecompat.com/en-CA/docs/2015/non-https-sites-containing-login-form-will-be-marked-insecure/

Will tweet from @FxSiteCompat to get more attention from developers.
Keywords: site-compat
The lock with a strikethrough is displayed fine on the test pages:
http://people.mozilla.org/~tvyas/password/password_insecure.html
http://people.mozilla.org/~tvyas/password/frame_password.html
Verified fixed FX 50b1, 51.0a2 (2016-09-21) Win 7.
Status: RESOLVED โ†’ VERIFIED
Flags: qe-verify+
Is this going to ride the train to release, or is that a separate bug?

Gerv
(In reply to Gervase Markham [:gerv] from comment #16)
> Is this going to ride the train to release, or is that a separate bug?

It is going to be a separate bug.

 You need to log in
 before you can comment on or make changes to this bug.