On 20/04/12 06:13 AM, Wan-Teh Chang wrote:
On Thu, Apr 19, 2012 at 12:39 PM, John Nagle<na...@sitetruth.com> wrote:
Check out
https://easyabc.95599.cn/commbank/netBank/zh_CN/CommLogin.aspx
which is the Agricultural Bank of China. They have
an EV cert signed by Mozilla, but Mozilla isn't displaying the
correct info.
In my testing I saw Mozilla display the EV status for a brief
moment and then lose it, while the "page loading" icon kept
spinning.
Yes I saw that too. Rather disturbing! CA needs to get some guidance
out to its subscribers?
Also, the URL is disturbing, and looks like a phish. Numbers aren't
familiar in the western world, are they ok in China? Also commbank and
netbank are both brandings of the Commonwealth Bank of Australia
(biggest bank there) so that isn't comfortable.
http://commbank.com.au/
So I suspect that the bug is that for some reason Mozilla
cannot finish loading that page.
Mixed content, apparently. OK.
iang
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
