X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Mixed SSL content not blocked by Firefox

Posted

This is a long standing problem for Firefox and makes me stay away from it for any online commerce/banking transactions. Internet Explorer is the safest in this case as it gives the user an option to block the insecure content before loading it, but Firefox just shows a useless mixed content warning but still loads the insecure page. I have seen bugzilla items pointing to this and Mozilla's stringent 'NO' to fixing this glaring security hole. I want to know when this issue will be resolved and what is Mozilla doing in the interim to thwart problems with such sites?

Additional System Details

Sites Affected

http://

Installed Plug-ins

  • Google Update
  • Shockwave Flash 11.4 r402
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.4
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.5.635
  • 4.1.10111.0
  • NPRuntime Script Plug-in Library for Java(TM) Deploy

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0

More Information

philipp
  • Top 10 Contributor
  • Moderator
2046 solutions 8901 answers

hey techybrainz, this is probably the wrong place to get this question answered, since it is essentially a users-helping-users forum & developers won't read here... please go to firefox > help > send feedback to make suggestions or request features.

but from what i can read out of the relevant bugzilla entries, there is no 'NO' on this item, quite the opposite ("We really want this, but we need the core bugs fixed to allow this..."). those outstanding core-bugs apparently got fixed and will land in firefox 18, so there is a good chance that this can actually be implemented afterwards...

Question owner

Hey madperson, thanks for the quick and encouraging response. Excuse me for the delayed response. Have put a complaint via the Help->Feedback method. Must admit that I am a bit surprised that none of the devs give this forum a visit. 321022 is the one I was referring in bugzilla. I see that the dependencies are crossed out as done (you are right, and its vide Firefox 18) around September, but there is no traction on implementing 321022 as its still un-assigned.

Modified by techybrainz

cor-el
  • Top 10 Contributor
  • Moderator
10756 solutions 96800 answers

See also bug 62178 (implement mechanism to prevent sending insecure requests from a secure context)

(please do not comment in bug reports)

philipp
  • Top 10 Contributor
  • Moderator
2046 solutions 8901 answers

Helpful Reply

hello, starting with firefox 18 this feature will begin landing in the browser. https://blog.mozilla.org/futurereleases/2012/11/26/firefox-beta-adds-ionmonkey-to-improve-javascript-performance/

in about:config you can toggle security.mixed_content.block_active_content & security.mixed_content.block_display_content to true, at a later stage there will also be a visual UI created fro mixed content (see bug #782654 & the design specs pdf)