Although typed URL includes https, there is no lock visible

  • 8 replies
  • 4 have this problem
  • 35 views
  • Last reply by John99


Although typed URL includes https, there is no lock visible. I started having difficulties on the 15th logging into mail.yahoo.com with Firefox (updated to 23 on the 10th, and, as of today 23.01) on a Win7 home premium SP1 x64 desktop.

I was getting alerts from Avast that the site had been marked as a phishing site. I had no problems accessing yahoo.com with FF, nor mail.yahoo.com if I were using Opera or Pale Moon. It was only today that I noticed that although I was typing 'https' (and the box was showing https), I was *not* seeing a padlock. I have rebooted my modem, flushed my dns cache, cleaned cookies/cache within FF. My hosts file shows a last modify date of 6/10/2009 17:00. It is 824 bytes and is the vanilla MS file (all commented text).

In both instances the URL showing in the address box is the same: https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=http://mail.yahoo.com.

It is just with PM or Opera the padlock appears, but with Firefox it doesn't. If I click to the left of the address in FF, I get "This website does not supply identity information. Your connection to this site is only partially encrypted and does not prevent eavesdropping." In PM or Opera I get "You are connected to yahoo.com which is run by (unknown) Verified by:DigiCert Inc Your connection to this website is encrypted to prevent eavesdropping."

I can provide screenshots.


All Replies (8)


hello, firefox won't show the padlock icon when it's a so-called "mixed connection". when an email message is embedding external images, those might not be loaded over a secure https:-connection. even if there is one single element of the page that is not loaded through a secure connection, then firefox won't show the padlock icon in the location bar (your connection to the yahoo servers itself will stay encrypted nevertheless).

https://developer.mozilla.org/en-US/docs/Security/MixedContent

in firefox 23 the browser will automatically block active mixed content (scripts, plugins) - if you want to extend that to images as well (since they are commonly embedded into emails and might well cause the behaviour you've observed), enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.mixed_content.block_display_content. double-click it and change its value to true (a restart of the browser might be necessary afterwards for the change to take effect).
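
The mixed-content condition described in the answer above, as an added example that is not part of the original thread: a small Python scanner that lists the subresources an HTTPS page loads over plain http:// and labels each one active or display. The tag-to-category mapping, the function and class names and the sample page are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed classification for this example, following the split described above:
# "active" content can change the page, "display" content is only rendered.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
DISPLAY = {("img", "src"), ("audio", "src"), ("video", "src")}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: v for k, v in attrs if v}
        is_css = tag == "link" and "stylesheet" in attrs.get("rel", "").lower().split()
        for attr, value in attrs.items():
            if (tag, attr) in ACTIVE or (is_css and attr == "href"):
                kind = "active"
            elif (tag, attr) in DISPLAY:
                kind = "display"
            else:
                continue
            # Resolve relative and protocol-relative URLs against the page URL;
            # those inherit https and are therefore not mixed content.
            url = urljoin(self.page_url, value.strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an HTTPS page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a webmail page showing a message with a remote image.
SAMPLE_URL = "https://mail.example.test/inbox"
SAMPLE_HTML = """<script src="https://static.example.test/app.js"></script>
<link rel="stylesheet" href="/css/mail.css">
<img src="http://images.example.test/newsletter/banner.png">
<img src="//cdn.example.test/logo.png">
<script src="http://tracker.example.test/t.js"></script>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

A single "display" finding is enough to explain a missing padlock on an otherwise encrypted page; "active" findings are the ones Firefox 23 blocks by default.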


Many thanks for the prompt response. However that does not explain why both Pale Moon and Opera display an encrypted connection while FF does not.

This is reproducible behavior across two machines, desktop and laptop, both Win7x64 sp1, both fully MS patched. I am attaching screenshots just taken showing the page in FF and the page in PM.

I have been in touch with Avast about this issue; their latest communication indicated it was fixed 'on their site'. I did an update on engine and definitions but, as you can see from the attachment, the issue is not fixed on my side.

Is this something that should be coordinated with Avast/Yahoo?

TIA

UPDATE: I have tried to upload a screenshot, first as .docx, then as a .pdf. In both instances I get the following error: Error uploading image Invalid or no image received


You can only attach real image files like JPG or PNG and not files created by applications that would require special software to display them.

Do you see a shield icon on the left hand side of the location bar?


Thank you cor-el for the clarification. I've pulled 2 snapshots off of my mac (first from FF, second from Opera)


can you try to replicate this behaviour when you launch firefox in safe mode once?

Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems


Dear Philipp,

This afternoon I booted into safe mode on my Mac (Macbook Pro 10.8.4). https://mail.yahoo.com *did* have the padlock. I then restarted, disabled all addons and, one by one re-enabled the add-ons and tried to access https://mail.yahoo.com

Adblock Plus 2.32                    padlock present
Download Helper 4.9.17               padlock present
Ghostery 2.96                        padlock present
WOT 20130515                         padlock present
NoScript 2.6.7                       padlock present
Avast Online Security 8.0.1489       padlock present(!) but with phishing site alert.
disabled Avast
Self-Destructing Cookies 0.4.1       padlock present
re-enabled Avast                     same as above
disabled all add-ons except Avast    padlock present but with phishing alert

edit added some spacing ~J99

now, through all this I have had no problems connecting to yahoo.com. When I tried https://login.yahoo.com the padlock was present, but no warning. When I then tried mail.yahoo.com again, there was no alert.

This evening, I repeated all of the above on my Win 7 x64 SP1 desktop. Everything as on the MAC *except* the phishing alert has now disappeared (!).

I have just checked my mac, and the Avast alert has disappeared there too, so, it looks like the issue is resolved.

Many thanks for all your help (I hope I don't have to repeat any of this any time soon) snew

Edited by John99 on


Chosen Solution

sorry about the formatting above; I had set it up with add-on name on the left and result on the right.

best laid plans...

how do you want me to handle marking for solving the problem? The safe boot /selective re-enabling of add-ons identified the culprit. I guess the 'site fix' Avast referenced earlier today was an update to the add-on which took some time to percolate through the servers. snew

Edited by snew on


I have marked your own explanation as the solution, but feel free to change that if some other answer seems more appropriate as a solution.