X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Ebay sign in page does not have padlock-states only partially encrypted..IE has padlock. Why is ebay's sign in page not secure in Firefox? FF Version 14.0.1

Posted

When signing into ebay, the page starts to load with the green padlock, but when page is fully loaded there is no padlock. I can use Internet Explorer and so to the sign in page and it has the green padlock.

Why in Firefox is this sign in page not secure? Thanks

Modified by cor-el

Additional System Details

Sites Affected

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyEbay%3D%26gbh%3D1%26guest%3D1&pageType=3984

Installed Plug-ins

  • Shockwave Flash 11.3 r300

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1

More Information

jscher2000
  • Top 10 Contributor
2357 solutions 20872 answers

I'm getting the green lock at the moment.

When you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.

1. Bypass Firefox's Cache

Use Ctrl+Shift+r to reload the page fresh from the server. Any difference? If not...

2. Clear Firefox's Cache Completely

orange Firefox button or Tools menu > Options > Advanced

On the Network mini-tab > Cached Web Content : "Clear Now"

3. If needed, remove the site's cookies in this dialog

While viewing a page on the site, right-click and choose View Page Info > Security > "View Cookies"

Then try reloading the page. Does that help?

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

I see this request with a Moved Temporarily location response to an insecure http: link.

  • https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyEbay%3D%26gbh%3D1%26guest%3D1&pageType=3984

If the warning for mixed content is enabled that I'm notified.

https://srv.main.ebayrtm.com/rtm?RtmCmd&a=json&p=11751&ph=0&ev=0&uf=0&ord=1346238031178&e=USC:1&z=10&bw=820&bh=906&cg=1346238210555&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1346238210556

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://srv.main.ebayrtm.com/rtm?RtmCmd&a=json&p=11751&ph=0&ev=0&uf=0&ord=1346238031178&e=USC:1&z=10&bw=820&bh=906&cg=1346238210555&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1346238210556&r=yes

It only happens the first time visiting the link and I can make it reappear if I use Clear Recent History to clear these items (Last Hour): Cookies, Cache, Active Logins If I leave out any those then it doesn't happen.

Modified by cor-el

bubbingscrubbles 0 solutions 6 answers

I'm having the problem too. Only with Ebay. When I go to sign in, there is NO green padlock and when I right-click on the page, it says 'partially encrypted'. I cleared all the cookies in Mozilla by going to tools>options>advanced>network tab and chose 'clear now' under 'cached web content' and it didn't solve the problem. I'm now having to use IE to sign in securely on Ebay which I hate doing since IE is prone to freezing up and slowing my PC down. Any other solutions out there??

bubbingscrubbles 0 solutions 6 answers

Screen shot:

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

That is still a problem with the eBay login page (http://my.ebay.com)

There is still a http redirect with this request.

HTTP/1.1 302 Moved Temporarily

Firefox shows in such a case a broken padlock to make that noticeable, but other browsers may not do that.
The Developer tools in Google Chrome show that http request in RED, but the location bar in GC shows an encrypted connection and you won't notice that files were retrieved via an insecure connection.

jscher2000
  • Top 10 Contributor
2357 solutions 20872 answers

I either do not have an eBay account or I don't have a cookie for it. Maybe that's why I get a nice green lock on this page (redirected from my.ebay.com)? (I notice the word "guest" in there...)

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26guest%3D1&pageType=3984

I'm not getting redirected on either request made to srv.main.ebayrtm.com by that page.

Edit: Forget what I said. My normal profile doesn't redirect, but if I start Firefox in a new profile, it does. There are way too many customizations to be able to quickly track down the difference.

Modified by jscher2000

jscher2000
  • Top 10 Contributor
2357 solutions 20872 answers

IE presents me the dialog to block the insecure content. Firefox does not currently have this feature, but might have it in the future, as noted in this thread: Can unencrypted items in a https connection be hidden?

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

Firefox 18 will have this.

It currently applies #identity-box[class="unknownIdentity mixedContent"] or #identity-box[class="unknownIdentity mixedActiveContent"], so that part is working, but the icon and UI (notification bar) hasn't been implemented yet.

  • resource:///chrome/browser/skin/classic/browser/

(Bug 782654 - Implement Mixed Content Blocker UI)


This code in userChrome.css works in Firefox 15 and later.

@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* only needed once */

#urlbar[pageproxystate="valid"] > #identity-box.unknownIdentity.mixedContent #page-proxy-favicon,
#urlbar[pageproxystate="valid"] > #identity-box.unknownIdentity.mixedActiveContent #page-proxy-favicon {
 list-style-image: url("chrome://browser/skin/Security-broken.png")!important;
 -moz-image-region: auto!important;
}

#urlbar[pageproxystate="valid"] > #identity-box.unknownIdentity.mixedActiveContent {
 background-image: -moz-linear-gradient(hsl(1,90%,88%), hsl(3,80%,80%))!important;
 box-shadow: 0 1px 0 hsla(2,81%,16%,.05) inset!important;
 -moz-border-end-color: hsla(2,81%,16%,.2)!important;
 color: hsl(2,81%,16%)!important;
}

The customization files userChrome.css (interface) and userContent.css (websites) are located in the chrome folder in the user profile folder.

Modified by cor-el

bubbingscrubbles 0 solutions 6 answers

So does anyone know if they're working on the problem?

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

You will have to contact eBay to get this fixed because it is their server configuration with the redirect to an insecure link in this case that is causing it.
Firefox exposes this issue as it does in a lot of other cases and that makes Firefox very well suited for testing purposes.
Other browsers do not expose this no openly or may be able to block or hide content from an http link, but that doesn't fix it.
A secure connection should never fetch content via an insecure link.

  • Bug 782654 - Implement Mixed Content Blocker UI

(please do not comment in bug reports)

bubbingscrubbles 0 solutions 6 answers

I called Ebay and this is a FIrefox problem. Now as of today, when I go to sign in on PayPal, the same thing happens, the padlock symbol that was always there to indicate an encrypted connection is gone. I refreshed the page, cleared the cookies and the padlock does not appear anymore at the PayPal sign in page. Firefox needs to look into this.

bubbingscrubbles 0 solutions 6 answers

For what it's worth, this is what has been done this far to try to fix the problem: All cookies in the cache were cleared. Scanned for malware, nothing found. Updated to the latest version of Firefox 16.0.1. Ran Firefox in safe mode and the same thing happened in safe mode, the sign in for Ebay and PayPal are not encrypted and there's no padlock showing in the address bar, just a globe icon.

I doubt it's any malware because if I go to Ebay using Firefox and click on 'register' (instead of 'sign in') as if I were registering there, I DO get the padlock and it shows RC4 128 bit encryption in Firefox. So it's only when signing in to Ebay or PayPal that there's no encryption or padlock. There has to be a bug somewhere.

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

This is really a problem with the eBay site and there is nothing that you can do about this apart from ignoring it.

Websites that are opened via a secure HTTPS link should never retrieve data via an insecure HTTP link.
You may be able to block such items in future Firefox versions and in other browser, but that only covers the problem.

jscher2000
  • Top 10 Contributor
2357 solutions 20872 answers

I suspect the server at srv.main.ebayrtm.com has little role other than to serve advertising. Perhaps the best short term workaround is to block it.

bubbingscrubbles 0 solutions 6 answers

I should also mention when I try signing in to other sites like Amazon, I DO get a secure encryption with Firefox and the padlock is present. This only seems to be happening with PayPal and Ebay. I only get the gray globe icon in the address bar, no padlock and I am using the latest version of Firefox 16.0.1.