Revision Information

Revision id: 48548
Created: Oct 23, 2013, 8:16:20 AM
Creator: Roland Tanglao
Comment: DO NOT APPROVE - WORK IN PROGRESS!
Reviewed: No
Ready for localization: No

Revision Source

{for not m25}
[[T:ApplyToFx|channel=Beta|slug=beta]]
{/for}
When you see the shield icon in the address bar, it means that Firefox for Android has blocked content that is insecure on the page you're visiting. We'll explain what that means and what options you have.<br><br>
[[Image:firefox has blocked content that is not secure]]
=What is mixed content?=
When you visit a page served over [http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol HTTP], your connection is open for eavesdropping and [http://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle] attacks. Most websites are served over HTTP because they don't involve passing sensitive information back and forth and do not need to be secured. When you visit a page fully served over [http://en.wikipedia.org/wiki/HTTP_Secure HTTPS] (you see a gray padlock <br /><br />[[Image:gray-padlock-jellybean]]<br /><br />or you see a green padlock<br /><br />[[Image:green-padlock-jellybean]]<br /><br />in the address bar), like your bank, your connection is authenticated and encrypted and hence safeguarded from eavesdroppers and man-in-the-middle attacks.

However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS.  When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't.
:;[[Image:Mixed Content Requests]]

The Mixed Content Blocker blocks potentially harmful HTTP content on HTTPS pages.
{note}'''Note:''' For more information about Mixed Content (active and passive), see [https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23 this blog post].{/note}

Revision Content

The template "ApplyToFx" does not exist or has no approved revision.

When you see the shield icon in the address bar, it means that Firefox for Android has blocked content that is insecure on the page you're visiting. We'll explain what that means and what options you have.

What is mixed content?

When you visit a page served over HTTP, your connection is open for eavesdropping and man-in-the-middle attacks. Most websites are served over HTTP because they don't involve passing sensitive information back and forth and do not need to be secured. When you visit a page fully served over HTTPS (you see a gray padlock

or you see a green padlock

in the address bar), like your bank, your connection is authenticated and encrypted and hence safeguarded from eavesdroppers and man-in-the-middle attacks.

However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't.

The Mixed Content Blocker blocks potentially harmful HTTP content on HTTPS pages.

Note: For more information about Mixed Content (active and passive), see this blog post.

Search Support

Mixed content blocker in Firefox for Android

What is mixed content?

Explore by product

Explore by topic

Browse by product

Browse all forum threads by topic

Get help with

Search Support

Mixed content blocker in Firefox for Android

What is mixed content?