Bug#580420: konqueror does not report cleartext content in https pages

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#580420: konqueror does not report cleartext content in https pages
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 05 May 2010 17:11:46 -0400
Message-id: <[🔎] 20100505211146.6083.14966.reportbug@localhost.localdomain>
Reply-to: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 580420@bugs.debian.org

Package: konqueror
Version: 4:4.3.4-1
Severity: normal

Most web browsers show a lock and/or change the address bar to
indicate that an https site has been connected to via TLS.  konqueror
shows (afaict) a green shield with a check-mark.  Fair enough.

But other browsers also indicate a "broken lock" or something similar
when an https page sources plain http content (e.g. in an img,
stylesheet, or script).  This is to indicate to the user (who can't
tell which pieces of content are served over encrypted channels and
which ones are exposed in transit) that the rendered page is not
entirely confidential communication.

Konqueror does not display this state to the user, so konqueror users
are vulnerable to data being sent in the clear without their
knowledge.

Thanks for maintaining konqueror in debian,

       --dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages konqueror depends on:
ii  install-info              4.13a.dfsg.1-5 Manage installed documentation in 
ii  kdebase-bin               4:4.3.4-1      core binaries for the KDE 4 base m
ii  kdebase-data              4:4.3.4-1      shared data files for the KDE 4 ba
ii  kdebase-runtime           4:4.3.4-2      runtime components from the offici
ii  kdelibs5                  4:4.3.4-3      core libraries for all KDE 4 appli
ii  libc6                     2.10.2-6       Embedded GNU C Library: Shared lib
ii  libkonq5                  4:4.3.4-1      core libraries for Konqueror
ii  libkonqsidebarplugin4     4:4.3.4-1      Konqueror sidebar plugin library
ii  libqt4-dbus               4:4.6.2-4      Qt 4 D-Bus module
ii  libqt4-qt3support         4:4.6.2-4      Qt 3 compatibility library for Qt 
ii  libqt4-xml                4:4.6.2-4      Qt 4 XML module
ii  libqtcore4                4:4.6.2-4      Qt 4 core module
ii  libqtgui4                 4:4.6.2-4      Qt 4 GUI module
ii  libstdc++6                4.4.2-9        The GNU Standard C++ Library v3
ii  libx11-6                  2:1.3.3-3      X11 client-side library

Versions of packages konqueror recommends:
ii  dolphin                       4:4.3.4-1  file manager for KDE 4
ii  konqueror-nsplugins           4:4.3.4-1  Netscape plugin support for Konque

Versions of packages konqueror suggests:
pn  konq-plugins                  <none>     (no description available)

-- no debconf information

Reply to:

Prev by Date: Bug#580401: libqyoto-cil-dev: error when trying to install together with various other packages
Next by Date: Bug#580438: phonon: Output device preferences are not applied
Previous by thread: Bug#580401: marked as done (libqyoto-cil-dev: error when trying to install together with various other packages)
Next by thread: Bug#580438: phonon: Output device preferences are not applied
Index(es):
- Date
- Thread