[Desktop-packages] [Bug 917299] Re: Security Connection Failure notice
SJF, We're now closing this bug report by marking it "Invalid". If you disagree with this action please re-open the report by changing the status to "New" and provide any additional information that you think relevant. Thank you for helping make Ubuntu better. Paul White [Ubuntu Bug Squad] ** Changed in: firefox (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/917299 Title: Security Connection Failure notice Status in firefox package in Ubuntu: Invalid Bug description: I get a otice from my banking website as follows: webbroker.td.com:443 uses an invalid security certificate. The certificate is only valid for the following names: *.opendns.com , opendns.com (Error code: ssl_error_bad_cert_dom) This could be a problem with the server's configuration or it could be someone trying to impersonate the server. ___end This notice only appears at this particular site. The bank claims it is not their server that is the cause. Can it be Firefox? site in question is: https://webbrokercpo.tdwaterhouse.ca/ ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: firefox 9.0.1+build1-0ubuntu0.11.04.1 ProcVersionSignature: Ubuntu 2.6.38-13.53-generic-pae 2.6.38.8 Uname: Linux 2.6.38-13-generic-pae i686 AddonCompatCheckDisabled: False AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23. Architecture: i386 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sjf1396 F pulseaudio BuildID: 20111221202246 CRDA: Error: [Errno 2] No such file or directory Card0.Amixer.info: Card hw:0 'Intel'/'HDA Intel at 0xefff4000 irq 45' Mixer name : 'Realtek ALC888' Components : 'HDA:10ec0888,105be619,0011' Controls : 37 Simple ctrls : 21 Channel: release Date: Mon Jan 16 10:04:37 2012 ForcedLayersAccel: False IfupdownConfig: auto lo iface lo inet loopback InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1) IpRoute: 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 metric 1 169.254.0.0/16 dev eth0 scope link metric 1000 default via 192.168.1.1 dev eth0 proto static IwConfig: lono wireless extensions. eth0 no wireless extensions. ProcEnviron: LANGUAGE=en_CA:en LANG=en_CA.UTF-8 SHELL=/bin/bash Profiles: Profile0 (Default) - LastVersion=9.0.1/20111221202246 (Running) RfKill: RunningIncompatibleAddons: False SourcePackage: firefox UpgradeStatus: No upgrade log present (probably fresh install) WifiSyslog: dmi.bios.date: 03/26/2007 dmi.bios.vendor: Phoenix Technologies, LTD dmi.bios.version: R01-A4 dmi.board.name: FG965M dmi.board.vendor: Acer dmi.chassis.type: 3 dmi.chassis.vendor: Acer dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvrR01-A4:bd03/26/2007:svnAcer:pnAspireE700:pvrR01-A4:rvnAcer:rnFG965M:rvr:cvnAcer:ct3:cvr: dmi.product.name: Aspire E700 dmi.product.version: R01-A4 dmi.sys.vendor: Acer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/917299/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 917299] Re: Security Connection Failure notice
I don't think that this is a firefox problem: The cert mentioned above is injected by opendns, a service the provides secure DNS (http://www.opendns.com). Typically when the requested site is in a blocked category, opends resolves the domain requested to a own site that contains a page indicating this blockage. When the requested site was https, opendns does a redirect to the https version of this blocked notice which obviously is backed by the opends cert. Due to the fact that opendns is outright lying to the browser about the TCP/IP address of the requested site, there is nothing that firefox could do to detect this and alert the user. This bug probably should be closed. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/917299 Title: Security Connection Failure notice Status in firefox package in Ubuntu: New Bug description: I get a otice from my banking website as follows: webbroker.td.com:443 uses an invalid security certificate. The certificate is only valid for the following names: *.opendns.com , opendns.com (Error code: ssl_error_bad_cert_dom) This could be a problem with the server's configuration or it could be someone trying to impersonate the server. ___end This notice only appears at this particular site. The bank claims it is not their server that is the cause. Can it be Firefox? site in question is: https://webbrokercpo.tdwaterhouse.ca/ ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: firefox 9.0.1+build1-0ubuntu0.11.04.1 ProcVersionSignature: Ubuntu 2.6.38-13.53-generic-pae 2.6.38.8 Uname: Linux 2.6.38-13-generic-pae i686 AddonCompatCheckDisabled: False AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23. Architecture: i386 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sjf1396 F pulseaudio BuildID: 20111221202246 CRDA: Error: [Errno 2] No such file or directory Card0.Amixer.info: Card hw:0 'Intel'/'HDA Intel at 0xefff4000 irq 45' Mixer name : 'Realtek ALC888' Components : 'HDA:10ec0888,105be619,0011' Controls : 37 Simple ctrls : 21 Channel: release Date: Mon Jan 16 10:04:37 2012 ForcedLayersAccel: False IfupdownConfig: auto lo iface lo inet loopback InstallationMedia: Ubuntu 11.04 Natty Narwhal - Release i386 (20110427.1) IpRoute: 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 metric 1 169.254.0.0/16 dev eth0 scope link metric 1000 default via 192.168.1.1 dev eth0 proto static IwConfig: lono wireless extensions. eth0 no wireless extensions. ProcEnviron: LANGUAGE=en_CA:en LANG=en_CA.UTF-8 SHELL=/bin/bash Profiles: Profile0 (Default) - LastVersion=9.0.1/20111221202246 (Running) RfKill: RunningIncompatibleAddons: False SourcePackage: firefox UpgradeStatus: No upgrade log present (probably fresh install) WifiSyslog: dmi.bios.date: 03/26/2007 dmi.bios.vendor: Phoenix Technologies, LTD dmi.bios.version: R01-A4 dmi.board.name: FG965M dmi.board.vendor: Acer dmi.chassis.type: 3 dmi.chassis.vendor: Acer dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvrR01-A4:bd03/26/2007:svnAcer:pnAspireE700:pvrR01-A4:rvnAcer:rnFG965M:rvr:cvnAcer:ct3:cvr: dmi.product.name: Aspire E700 dmi.product.version: R01-A4 dmi.sys.vendor: Acer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/917299/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 917299] Re: Security Connection Failure notice
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability ** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/917299 Title: Security Connection Failure notice Status in “firefox” package in Ubuntu: New Bug description: I get a otice from my banking website as follows: webbroker.td.com:443 uses an invalid security certificate. The certificate is only valid for the following names: *.opendns.com , opendns.com (Error code: ssl_error_bad_cert_dom) This could be a problem with the server's configuration or it could be someone trying to impersonate the server. ___end This notice only appears at this particular site. The bank claims it is not their server that is the cause. Can it be Firefox? site in question is: https://webbrokercpo.tdwaterhouse.ca/ ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: firefox 9.0.1+build1-0ubuntu0.11.04.1 ProcVersionSignature: Ubuntu 2.6.38-13.53-generic-pae 2.6.38.8 Uname: Linux 2.6.38-13-generic-pae i686 AddonCompatCheckDisabled: False AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23. Architecture: i386 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sjf1396 F pulseaudio BuildID: 20111221202246 CRDA: Error: [Errno 2] No such file or directory Card0.Amixer.info: Card hw:0 'Intel'/'HDA Intel at 0xefff4000 irq 45' Mixer name : 'Realtek ALC888' Components : 'HDA:10ec0888,105be619,0011' Controls : 37 Simple ctrls : 21 Channel: release Date: Mon Jan 16 10:04:37 2012 ForcedLayersAccel: False IfupdownConfig: auto lo iface lo inet loopback InstallationMedia: Ubuntu 11.04 Natty Narwhal - Release i386 (20110427.1) IpRoute: 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 metric 1 169.254.0.0/16 dev eth0 scope link metric 1000 default via 192.168.1.1 dev eth0 proto static IwConfig: lono wireless extensions. eth0 no wireless extensions. ProcEnviron: LANGUAGE=en_CA:en LANG=en_CA.UTF-8 SHELL=/bin/bash Profiles: Profile0 (Default) - LastVersion=9.0.1/20111221202246 (Running) RfKill: RunningIncompatibleAddons: False SourcePackage: firefox UpgradeStatus: No upgrade log present (probably fresh install) WifiSyslog: dmi.bios.date: 03/26/2007 dmi.bios.vendor: Phoenix Technologies, LTD dmi.bios.version: R01-A4 dmi.board.name: FG965M dmi.board.vendor: Acer dmi.chassis.type: 3 dmi.chassis.vendor: Acer dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvrR01-A4:bd03/26/2007:svnAcer:pnAspireE700:pvrR01-A4:rvnAcer:rnFG965M:rvr:cvnAcer:ct3:cvr: dmi.product.name: Aspire E700 dmi.product.version: R01-A4 dmi.sys.vendor: Acer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/917299/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp