desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #116284
[Bug 1450317] [NEW] firefox claims sftp:// links are unencrypted.
Public bug reported:
To reproduce open an sftp link to a remote host or even localhost in
firefox. I had previous saved a key as a credentials with openssh-
askpass then when you open the linke right click on page info and then
show secuirty. It will say that the site connection is not encrpyted
when in fact it is tunneled over ssh.
firefox:
Installed: 37.0.2+build1-0ubuntu0.15.04.1
Candidate: 37.0.2+build1-0ubuntu0.15.04.1
Version table:
*** 37.0.2+build1-0ubuntu0.15.04.1 0
500 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ vivid-security/main amd64 Packages
100 /var/lib/dpkg/status
37.0+build2-0ubuntu1 0
500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
Description: Ubuntu 15.04
Release: 15.04
I expected firefox to not think tunneling over ssh was sending text in
the clear. Instead it says it doesn't provide identity information and
that the connection is unencrpyted. Additional if you run sftp on
localhost it implies someone can mitm the loopback device.
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: firefox 37.0.2+build1-0ubuntu0.15.04.1
ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
Uname: Linux 3.19.0-15-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: seeolah 1486 F...m pulseaudio
/dev/snd/controlC0: seeolah 1486 F.... pulseaudio
BuildID: 20150417180400
Channel: Unavailable
CurrentDesktop: LXDE
Date: Wed Apr 29 21:59:00 2015
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2014-09-30 (211 days ago)
InstallationMedia: Lubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140930)
IpRoute:
default via 192.168.88.1 dev eth0 proto static metric 1024
192.168.88.0/24 dev eth0 proto kernel scope link src 192.168.88.254
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
JournalErrors: Error: command ['journalctl', '-b', '--priority', 'warning'] failed with exit code 1: No journal files were found.
Locales: extensions.sqlite corrupt or missing
MostRecentCrashID: bp-428f4622-c310-48ba-9008-029b12150325
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=37.0.2/20150417180400 (In use)
RelatedPackageVersions:
gecko-mediaplayer 1.0.9-2ubuntu1
google-talkplugin 5.41.0.0-1
RfKill:
RunningIncompatibleAddons: False
SourcePackage: firefox
SubmittedCrashIDs:
bp-428f4622-c310-48ba-9008-029b12150325
bp-575ba30b-6f46-476c-84c3-80bfb2150324
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: Upgraded to vivid on 2014-12-12 (138 days ago)
WifiSyslog:
dmi.bios.date: 04/25/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: P1.00
dmi.board.name: H97M Pro4
dmi.board.vendor: ASRock
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrP1.00:bd04/25/2014:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnH97MPro4:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.
** Affects: firefox (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug vivid
** Attachment added: "2015-04-29-220408_1920x1080_scrot.png"
https://bugs.launchpad.net/bugs/1450317/+attachment/4388042/+files/2015-04-29-220408_1920x1080_scrot.png
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1450317
Title:
firefox claims sftp:// links are unencrypted.
Status in firefox package in Ubuntu:
New
Bug description:
To reproduce open an sftp link to a remote host or even localhost in
firefox. I had previous saved a key as a credentials with openssh-
askpass then when you open the linke right click on page info and then
show secuirty. It will say that the site connection is not encrpyted
when in fact it is tunneled over ssh.
firefox:
Installed: 37.0.2+build1-0ubuntu0.15.04.1
Candidate: 37.0.2+build1-0ubuntu0.15.04.1
Version table:
*** 37.0.2+build1-0ubuntu0.15.04.1 0
500 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ vivid-security/main amd64 Packages
100 /var/lib/dpkg/status
37.0+build2-0ubuntu1 0
500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
Description: Ubuntu 15.04
Release: 15.04
I expected firefox to not think tunneling over ssh was sending text in
the clear. Instead it says it doesn't provide identity information and
that the connection is unencrpyted. Additional if you run sftp on
localhost it implies someone can mitm the loopback device.
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: firefox 37.0.2+build1-0ubuntu0.15.04.1
ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
Uname: Linux 3.19.0-15-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: seeolah 1486 F...m pulseaudio
/dev/snd/controlC0: seeolah 1486 F.... pulseaudio
BuildID: 20150417180400
Channel: Unavailable
CurrentDesktop: LXDE
Date: Wed Apr 29 21:59:00 2015
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2014-09-30 (211 days ago)
InstallationMedia: Lubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140930)
IpRoute:
default via 192.168.88.1 dev eth0 proto static metric 1024
192.168.88.0/24 dev eth0 proto kernel scope link src 192.168.88.254
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
JournalErrors: Error: command ['journalctl', '-b', '--priority', 'warning'] failed with exit code 1: No journal files were found.
Locales: extensions.sqlite corrupt or missing
MostRecentCrashID: bp-428f4622-c310-48ba-9008-029b12150325
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=37.0.2/20150417180400 (In use)
RelatedPackageVersions:
gecko-mediaplayer 1.0.9-2ubuntu1
google-talkplugin 5.41.0.0-1
RfKill:
RunningIncompatibleAddons: False
SourcePackage: firefox
SubmittedCrashIDs:
bp-428f4622-c310-48ba-9008-029b12150325
bp-575ba30b-6f46-476c-84c3-80bfb2150324
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: Upgraded to vivid on 2014-12-12 (138 days ago)
WifiSyslog:
dmi.bios.date: 04/25/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: P1.00
dmi.board.name: H97M Pro4
dmi.board.vendor: ASRock
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrP1.00:bd04/25/2014:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnH97MPro4:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1450317/+subscriptions
Follow ups
References
