[ Resolved ] What happened with ( most of ) the Avatars ? They are gone !

options >>> advanced

I don’t understand :-\

Your certificates was/is empty. I only have a list of organisations. DigiCertInc is the one from Avast.

Greetz, Red.

You’re welcome.

It is something to do with your security settings importing https into an http page (mixed security levels, etc.). I don’t recall when this use of http(s) for the location of the avatars happened or why, but it certainly had an immediate impact.

Firefox has different security settings, some say they are tighter others just say different. Very recently we had a case of avast alerting on an injected iframe on a web site, yet I and another user couldn’t replicate it as we were using firefox and only IE8 (in this instance) seem vulnerable to this injected iframe vulnerability.

No you don’t browse the forums in https, but the link to the avatars is https so you are effectively accessing a secure site/page and firefox expects a certificate to check. But for some reason it can’t check it, as there is now a valid certificate for the avast forums.

If you connect to the forums from an https link in a topic reply notification email, then firefox would have validated the certificate before opening an https page. Since you are already on an http page, this initial certificate check wouldn’t have taken place.

look, you must have clicked a link in https, sometimes it happens randomly on this forum and that’s when you get the alert, but I just tried manually, and I didn’t get any alert, the certificate is valid. I can’t see it stored either in Firefox; I don’t think that it needs to be stored at all, it will be rechecked online as needed.

edit: I guess it doesn’t need to be stored because there’s no exchange of personal data between you and the server. The cert will just be checked against the authority that delivered it and is well listed in Firefox if trusted. Your list of imported cert would become just uselessly huge with the time ;D

hey David that’s right I just checked avatars are on ssl :o …I just didn’t know that.

Ok, thank you very much DavidR, Logos and Tech. At least I understand now what the problem is, and what I can do about it :slight_smile:

Greetz, Red.

okay you’re welcome :wink:

http://forum.avast.com/index.php?topic=59111.msg528952#msg528952
asyn

I don’t believe that was always the way though, I think they just to be on http.

You’re welcome.

The main thing is that a) you have it sorted now and b) it has identified the exact cause, which may help others in the future should it happen again.