ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Although typed URL includes https, there is no lock visible

  • 8 ردود
  • 4 have this problem
  • 26 views
  • آخر ردّ كتبه John99

more options

Although typed URL includes https, there is no lock visible. I started having difficulties on the 15th logging into mail.yahoo.com with Firefox (updated to 23 on the 10th, and, as of today 23.01) on a Win7 home premium SP1 x64 desktop.

I was getting alerts from Avast that the site had been marked as a phishing site. I had no problems accessing yahoo.com with FF, nor mail.yahoo.com if I were using Opera or Pale Moon. It was only today that I noticed that although I was typing 'https' (and the box was showing https), I was *not* seeing a padlock. I have rebooted my modem, flushed my dns cache, cleaned cookies/cache within FF. My hosts file shows a last modify date of 6/10/2009 17:00. It is 824 bytes and is the vanilla MS file (all commented text).

In both instances the URL showing in the address box is the same: https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=http://mail.yahoo.com.

It is just with PM or Opera the padlock appears, but with Firefox it doesn't. If I click to the left of the address in FF, I get "This website does not supply identity information. Your connection to this site is only partially encrypted and does not prevent eavesdropping." In PM or Opera I get "You are connected to yahoo.com which is run by (unknown) Verified by:DigiCert Inc Your connection to this website is encrypted to prevent eavesdropping."

I can provide screenshots.

الحل المُختار

sorry about the formatting above; I had set it up with add-on name on the left and result on the right.

best laid plans...

how do you want me to handle marking for solving the problem? The safe boot /selective re-enabling of add-ons identified the culprit. I guess the 'site fix' Avast referenced earlier today was an update to the add-on which took some time to percolate through the servers. snew

Read this answer in context 👍 0

All Replies (8)

more options

hello, firefox won't show the padlock icon, when it's a so called "mixed connection". when a email message is embedding external images, those might not be loaded over a secure https:-connection. even if there is one single element of the page that is not loaded through a secure connection, then firefox won't show the padlock icon in the location bar (your connection to the yahoo servers itself will stay encrypted nevertheless).

https://developer.mozilla.org/en-US/docs/Security/MixedContent

in firefox 23 the browser will automatically block active mixed content (scripts, plugins) - if you want to extend that to images as well (since they are commonly embedded into emails and might well cause the behaviour you've observed), enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.mixed_content.block_display_content. double-click it and change its value to true (a restart of the browser might be necessary afterwards for the change to take effect).

more options

Many thanks for the prompt response. However that does not explain why both Pale Moon and Opera display an encrypted connection while FF does not.

This is reproducible behavior across two machines, desktop and laptop, both Win7x64 sp1, both fully MS patched. I am attaching screenshots just taken showing the page in FF and the page in PM.

I have been in touch with Avast about this issue; their latest communication indicated it was fixed 'on their site'. I did an update on engine and definitions but, as you can see from the attachment, the issue is not fixed on my side.

Is this something that should be coordinated with Avast/Yahoo?

TIA

UPDATE: I have tried to upload a screenshot, first as .docx, then as a .pdf. In both instances I get the following error: Error uploading image Invalid or no image received

more options

You can only attach real image files like JPG or PNG and not files created by applications that would require special software to display them.

Do you see a shield icon on the left hand side of the location bar?

more options

Thank you cor-el for the clarification. I've pulled 2 snapshots off of my mac (first from FF, second from Opera)

more options

can you try to replicate this behaviour when you launch firefox in safe mode once?

Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems

more options

Dear Philipp,

This afternoon I booted into safe mode on my Mac (Macbook Pro 10.8.4). https://mail.yahoo.com *did* have the padlock. I then restarted, disabled all addons and, one by one re-enabled the add-ons and tried to access https://mail.yahoo.com

Adblock Plus 2.32                        padlock present 
Donwload Helper 4.9.17                 padlock present 
Ghostery 2.96                            padlock present
WOT 20130515                           padlock present
NoScript 2.6.7                          padlock present
Avast Online Security 8.0.1489         padlock present(!) but with phishing site alert.
                                                             disabled Avast
Self-Destructing Cookies 0.4.1     padlock present
re-enabled Avast                         same as above
disabled all add-ons except Avast  padlock present but with phishing alert

edit added some spacing ~J99

now, through all this I have had no problems connecting to yahoo.com. When I tried https://login.yahoo.com the padlock was present, but no warning. When I then tried mail.yahoo.com again, there was no alert.

This evening, I repeated all of the above on my Win 7 x64 SP1 desktop. Everything as on the MAC *except* the phishing alert has now disappeared (!).

I have just checked my mac, and the Avast alert has disappeared there too, so, it looks like the issue is resolved.

Many thanks for all your help (I hope I don't have to repeat any of this any time soon) snew

Modified by John99

more options

الحل المُختار

sorry about the formatting above; I had set it up with add-on name on the left and result on the right.

best laid plans...

how do you want me to handle marking for solving the problem? The safe boot /selective re-enabling of add-ons identified the culprit. I guess the 'site fix' Avast referenced earlier today was an update to the add-on which took some time to percolate through the servers. snew

Modified by snew

more options

I have marked your own explanation as the solution, but feel free to change that if some other answer seems more appropriate as a solution.