Bug#580420: konqueror does not report cleartext content in https pages
Package: konqueror
Version: 4:4.3.4-1
Severity: normal
Most web browsers show a lock and/or change the address bar to
indicate that an https site has been connected to via TLS. konqueror
shows (afaict) a green shield with a check-mark. Fair enough.
But other browsers also indicate a "broken lock" or something similar
when an https page sources plain http content (e.g. in an img,
stylesheet, or script). This is to indicate to the user (who can't
tell which pieces of content are served over encrypted channels and
which ones are exposed in transit) that the rendered page is not
entirely confidential communication.
Konqueror does not display this state to the user, so konqueror users
are vulnerable to data being sent in the clear without their
knowledge.
Thanks for maintaining konqueror in debian,
--dkg
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages konqueror depends on:
ii install-info 4.13a.dfsg.1-5 Manage installed documentation in
ii kdebase-bin 4:4.3.4-1 core binaries for the KDE 4 base m
ii kdebase-data 4:4.3.4-1 shared data files for the KDE 4 ba
ii kdebase-runtime 4:4.3.4-2 runtime components from the offici
ii kdelibs5 4:4.3.4-3 core libraries for all KDE 4 appli
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
ii libkonq5 4:4.3.4-1 core libraries for Konqueror
ii libkonqsidebarplugin4 4:4.3.4-1 Konqueror sidebar plugin library
ii libqt4-dbus 4:4.6.2-4 Qt 4 D-Bus module
ii libqt4-qt3support 4:4.6.2-4 Qt 3 compatibility library for Qt
ii libqt4-xml 4:4.6.2-4 Qt 4 XML module
ii libqtcore4 4:4.6.2-4 Qt 4 core module
ii libqtgui4 4:4.6.2-4 Qt 4 GUI module
ii libstdc++6 4.4.2-9 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-3 X11 client-side library
Versions of packages konqueror recommends:
ii dolphin 4:4.3.4-1 file manager for KDE 4
ii konqueror-nsplugins 4:4.3.4-1 Netscape plugin support for Konque
Versions of packages konqueror suggests:
pn konq-plugins <none> (no description available)
-- no debconf information
Reply to: