Public bug reported: To reproduce open an sftp link to a remote host or even localhost in firefox. I had previous saved a key as a credentials with openssh- askpass then when you open the linke right click on page info and then show secuirty. It will say that the site connection is not encrpyted when in fact it is tunneled over ssh.
firefox: Installed: 37.0.2+build1-0ubuntu0.15.04.1 Candidate: 37.0.2+build1-0ubuntu0.15.04.1 Version table: *** 37.0.2+build1-0ubuntu0.15.04.1 0 500 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ vivid-security/main amd64 Packages 100 /var/lib/dpkg/status 37.0+build2-0ubuntu1 0 500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages Description: Ubuntu 15.04 Release: 15.04 I expected firefox to not think tunneling over ssh was sending text in the clear. Instead it says it doesn't provide identity information and that the connection is unencrpyted. Additional if you run sftp on localhost it implies someone can mitm the loopback device. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: firefox 37.0.2+build1-0ubuntu0.15.04.1 ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3 Uname: Linux 3.19.0-15-generic x86_64 AddonCompatCheckDisabled: False ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/pcmC0D0p: seeolah 1486 F...m pulseaudio /dev/snd/controlC0: seeolah 1486 F.... pulseaudio BuildID: 20150417180400 Channel: Unavailable CurrentDesktop: LXDE Date: Wed Apr 29 21:59:00 2015 Extensions: extensions.sqlite corrupt or missing ForcedLayersAccel: False IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite) InstallationDate: Installed on 2014-09-30 (211 days ago) InstallationMedia: Lubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140930) IpRoute: default via 192.168.88.1 dev eth0 proto static metric 1024 192.168.88.0/24 dev eth0 proto kernel scope link src 192.168.88.254 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 JournalErrors: Error: command ['journalctl', '-b', '--priority', 'warning'] failed with exit code 1: No journal files were found. Locales: extensions.sqlite corrupt or missing MostRecentCrashID: bp-428f4622-c310-48ba-9008-029b12150325 PrefSources: prefs.js Profiles: Profile0 (Default) - LastVersion=37.0.2/20150417180400 (In use) RelatedPackageVersions: gecko-mediaplayer 1.0.9-2ubuntu1 google-talkplugin 5.41.0.0-1 RfKill: RunningIncompatibleAddons: False SourcePackage: firefox SubmittedCrashIDs: bp-428f4622-c310-48ba-9008-029b12150325 bp-575ba30b-6f46-476c-84c3-80bfb2150324 Themes: extensions.sqlite corrupt or missing UpgradeStatus: Upgraded to vivid on 2014-12-12 (138 days ago) WifiSyslog: dmi.bios.date: 04/25/2014 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: P1.00 dmi.board.name: H97M Pro4 dmi.board.vendor: ASRock dmi.chassis.asset.tag: To Be Filled By O.E.M. dmi.chassis.type: 3 dmi.chassis.vendor: To Be Filled By O.E.M. dmi.chassis.version: To Be Filled By O.E.M. dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrP1.00:bd04/25/2014:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnH97MPro4:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.: dmi.product.name: To Be Filled By O.E.M. dmi.product.version: To Be Filled By O.E.M. dmi.sys.vendor: To Be Filled By O.E.M. ** Affects: firefox (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug vivid ** Attachment added: "2015-04-29-220408_1920x1080_scrot.png" https://bugs.launchpad.net/bugs/1450317/+attachment/4388042/+files/2015-04-29-220408_1920x1080_scrot.png -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1450317 Title: firefox claims sftp:// links are unencrypted. Status in firefox package in Ubuntu: New Bug description: To reproduce open an sftp link to a remote host or even localhost in firefox. I had previous saved a key as a credentials with openssh- askpass then when you open the linke right click on page info and then show secuirty. It will say that the site connection is not encrpyted when in fact it is tunneled over ssh. firefox: Installed: 37.0.2+build1-0ubuntu0.15.04.1 Candidate: 37.0.2+build1-0ubuntu0.15.04.1 Version table: *** 37.0.2+build1-0ubuntu0.15.04.1 0 500 http://us.archive.ubuntu.com/ubuntu/ vivid-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ vivid-security/main amd64 Packages 100 /var/lib/dpkg/status 37.0+build2-0ubuntu1 0 500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages Description: Ubuntu 15.04 Release: 15.04 I expected firefox to not think tunneling over ssh was sending text in the clear. Instead it says it doesn't provide identity information and that the connection is unencrpyted. Additional if you run sftp on localhost it implies someone can mitm the loopback device. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: firefox 37.0.2+build1-0ubuntu0.15.04.1 ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3 Uname: Linux 3.19.0-15-generic x86_64 AddonCompatCheckDisabled: False ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/pcmC0D0p: seeolah 1486 F...m pulseaudio /dev/snd/controlC0: seeolah 1486 F.... pulseaudio BuildID: 20150417180400 Channel: Unavailable CurrentDesktop: LXDE Date: Wed Apr 29 21:59:00 2015 Extensions: extensions.sqlite corrupt or missing ForcedLayersAccel: False IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite) InstallationDate: Installed on 2014-09-30 (211 days ago) InstallationMedia: Lubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140930) IpRoute: default via 192.168.88.1 dev eth0 proto static metric 1024 192.168.88.0/24 dev eth0 proto kernel scope link src 192.168.88.254 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 JournalErrors: Error: command ['journalctl', '-b', '--priority', 'warning'] failed with exit code 1: No journal files were found. Locales: extensions.sqlite corrupt or missing MostRecentCrashID: bp-428f4622-c310-48ba-9008-029b12150325 PrefSources: prefs.js Profiles: Profile0 (Default) - LastVersion=37.0.2/20150417180400 (In use) RelatedPackageVersions: gecko-mediaplayer 1.0.9-2ubuntu1 google-talkplugin 5.41.0.0-1 RfKill: RunningIncompatibleAddons: False SourcePackage: firefox SubmittedCrashIDs: bp-428f4622-c310-48ba-9008-029b12150325 bp-575ba30b-6f46-476c-84c3-80bfb2150324 Themes: extensions.sqlite corrupt or missing UpgradeStatus: Upgraded to vivid on 2014-12-12 (138 days ago) WifiSyslog: dmi.bios.date: 04/25/2014 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: P1.00 dmi.board.name: H97M Pro4 dmi.board.vendor: ASRock dmi.chassis.asset.tag: To Be Filled By O.E.M. dmi.chassis.type: 3 dmi.chassis.vendor: To Be Filled By O.E.M. dmi.chassis.version: To Be Filled By O.E.M. dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrP1.00:bd04/25/2014:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnH97MPro4:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.: dmi.product.name: To Be Filled By O.E.M. dmi.product.version: To Be Filled By O.E.M. dmi.sys.vendor: To Be Filled By O.E.M. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1450317/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp