[Bug 1485020] Re: firefox 40 shows a non-overrideable security error when talking to a captive portal
Matthew Paul Thomas
mpt at canonical.com
Mon Oct 29 08:54:02 UTC 2018
> Quite often, the reason the site operator tried to use HTTPS at all
> was that they're doing something that really does need security,
> something they would never dream of using HTTP for. So without the
> browser knowing what a site is for, letting you use misconfigured/
> vulnerable HTTPS is, on average, much riskier than letting you use
> HTTP.
FWIW, in the three years since I wrote this, the situation has changed
hugely. Browser vendors have encouraged sites in general to adopt HTTPS
(both by offering new abilities only to HTTPS sites, and by showing
increasingly-scary UI for HTTP), and pages loaded over HTTPS worldwide
have increased from 38% to 76%. <https://letsencrypt.org/stats/#percent-
pageloads> So it’s no longer the case that most HTTPS sites are
“something they would never dream of using HTTP for”.
So, it might now be more justified to let people override HTTPS
misconfiguration/vulnerability blockages than it was before. But maybe
other factors have changed too, such as the frequency of
misconfiguration or the frequency of attacks.
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1485020
Title:
firefox 40 shows a non-overrideable security error when talking to a
captive portal
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1485020/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list