On Thursday, April 19, 2012 9:21:14 PM UTC-5, ianG wrote: > On 20/04/12 06:13 AM, Wan-Teh Chang wrote: > > On Thu, Apr 19, 2012 at 12:39 PM, John Nagle<nagle@[redacted].com> wrote: > >> Check out > >> > >> https://easyabc.95599.cn/commbank/netBank/zh_CN/CommLogin.aspx > >> > >> which is the Agricultural Bank of China. They have > >> an EV cert signed by Mozilla, but Mozilla isn't displaying the > >> correct info. > > > > In my testing I saw Mozilla display the EV status for a brief > > moment and then lose it, while the "page loading" icon kept > > spinning. > > > Yes I saw that too. Rather disturbing! CA needs to get some guidance > out to its subscribers? > > Also, the URL is disturbing, and looks like a phish. Numbers aren't > familiar in the western world, are they ok in China? Also commbank and > netbank are both brandings of the Commonwealth Bank of Australia > (biggest bank there) so that isn't comfortable. > > http://commbank.com.au/ > > > So I suspect that the bug is that for some reason Mozilla > > cannot finish loading that page. > > > Mixed content, apparently. OK. > > iang
PhishTank has already flagged it as phishing[1] so I've reported it too using Help > Report Web forgery... One odd thing is that on Nightly that URL never finish loading (i.e. the green spinner spins forever). Is that a Nightly bug? Alex [1] http://www.phishtank.com/phish_detail.php?phish_id=1359252 _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
