links are unencrypted.

Brendan Perrine Wed, 29 Apr 2015 22:46:34 -0700

Public bug reported:

To reproduce open an sftp link to a remote host or even localhost in
firefox. I had previous saved a key as a credentials with openssh-
askpass then when you open the linke right click on page info and then
show secuirty. It will say that the site connection is not encrpyted
when in fact it is tunneled over ssh.


firefox:
  Installed: 37.0.2+build1-0ubuntu0.15.04.1
  Candidate: 37.0.2+build1-0ubuntu0.15.04.1
  Version table:
 *** 37.0.2+build1-0ubuntu0.15.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main amd64 
Packages
        500 http://security.ubuntu.com/ubuntu/ vivid-security/main amd64 
Packages
        100 /var/lib/dpkg/status
     37.0+build2-0ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
Description:    Ubuntu 15.04
Release:        15.04


I expected firefox to not think tunneling over ssh was sending text in
the clear. Instead it says it doesn't provide identity information and
that the connection is unencrpyted. Additional if you run sftp on
localhost it implies someone can mitm the loopback device.

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: firefox 37.0.2+build1-0ubuntu0.15.04.1
ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
Uname: Linux 3.19.0-15-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER        PID ACCESS COMMAND
 /dev/snd/pcmC0D0p:   seeolah    1486 F...m pulseaudio
 /dev/snd/controlC0:  seeolah    1486 F.... pulseaudio
BuildID: 20150417180400
Channel: Unavailable
CurrentDesktop: LXDE
Date: Wed Apr 29 21:59:00 2015
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini 
or extensions.sqlite)
InstallationDate: Installed on 2014-09-30 (211 days ago)
InstallationMedia: Lubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140930)
IpRoute:
 default via 192.168.88.1 dev eth0  proto static  metric 1024 
 192.168.88.0/24 dev eth0  proto kernel  scope link  src 192.168.88.254 
 192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
JournalErrors: Error: command ['journalctl', '-b', '--priority', 'warning'] 
failed with exit code 1: No journal files were found.
Locales: extensions.sqlite corrupt or missing
MostRecentCrashID: bp-428f4622-c310-48ba-9008-029b12150325
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=37.0.2/20150417180400 (In use)
RelatedPackageVersions:
 gecko-mediaplayer 1.0.9-2ubuntu1
 google-talkplugin 5.41.0.0-1
RfKill:
 
RunningIncompatibleAddons: False
SourcePackage: firefox
SubmittedCrashIDs:
 bp-428f4622-c310-48ba-9008-029b12150325
 bp-575ba30b-6f46-476c-84c3-80bfb2150324
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: Upgraded to vivid on 2014-12-12 (138 days ago)
WifiSyslog:
 
dmi.bios.date: 04/25/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: P1.00
dmi.board.name: H97M Pro4
dmi.board.vendor: ASRock
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrP1.00:bd04/25/2014:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnH97MPro4:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug vivid

** Attachment added: "2015-04-29-220408_1920x1080_scrot.png"
   
https://bugs.launchpad.net/bugs/1450317/+attachment/4388042/+files/2015-04-29-220408_1920x1080_scrot.png

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1450317

Title:
  firefox claims sftp:// links are unencrypted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1450317/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1450317] [NEW] firefox claims sftp:// links are unencrypted.

Reply via email to