Firefox Add-On ErrorZilla breaks FF3 SSL error page


If you use the Firefox add-on ErrorZilla, which conveniently displays additional options (Try Again, Google Cache, Coralize, Wayback, Ping, Trace, and Whois buttons) when Firefox hits an error page, you may notice something frustrating happening in Firefox 3.

Firefox 3 handles “invalid” and self-signed SSL certificates differently than Firefox 2. In an effort to help the user take control of their own security, Firefox 3 will block the page with an error explaining why the certificate is invalid (“The certificate is not trusted because it is self signed.  Error code: sec_error_ca_cert_invalid”) – and provides a link (albeit a tiny one) that will allow the user to add an exception, allowing that SSL certificate to be accepted and the page to load.

If you have ErrorZilla installed and are running Firefox 3, you’ll actually get stuck and won’t be able to add the exception and therefore won’t be able to load the page. This can be a big problem if you’re running self-signed certificates to encrypt your cpanel/webmin/<other hosting management software> administration areas. Instead, what you see is something like this:

No option to add the exception.

Its unfortunate, since the ErrorZilla developers took the time to update the add-on to “work” with Firefox 3 (meaning it is able to be installed and doesn’t throw a version error), but I’m going to have to disable it until they have the SSL exceptions stuff sorted out.

On the plus side, Jay Baldwin posts to his blog (dated June 30, 2008) that he grok’s why it’s not working:

The main concern is that the error page is not considered trusted, so it has no ability to access resource:// script files, the local file system, chrome:// script files, direct to chrome:// pages, or the like, which means it is on the same security level as a foreign “public” website — it has no access to read from a config file in your Firefox profile or from the Preferences Service (about:config).

I’m still working on finding a way around this . . .  Hit me up in the comments if any of you could suggest a solution.  🙂

Which does, in fact, make sense.The site isn’t trusted, so its not allowed to access the styles used by ErrorZilla.

So – hit him up if you have any thoughts. 🙂