While trying to make a purchase, I noticed that Firefox flagged the web page with insecure mixed content. However, the browser info contradicts the official documentation… (read more)
While trying to make a purchase, I noticed that Firefox flagged the web page with insecure mixed content. However, the browser info contradicts the official documentation.
The browser states, "Information you submit could be viewed by others (like passwords, messages, credit cards, etc.). Your connection is not private and information you share with the site could be viewed by others."
Yet according to the documentation, the orange triangle icon indicates passive mixed content. It states, "Attackers may be able to manipulate parts of the page like displaying misleading or inappropriate content, but they should not be able to steal your personal data from the site."
This seems like a contradiction. The browser is telling us that our information could be compromised, while the documentation states that attackers should not be able to access personal data.
Can you please clarify which one is correct? Also, if the browser is misleading, it should be corrected in a future update. If the problem is with the documentation, it should be updated.
BTW, I noticed that the website had Google Analytics objects embedded. Could that be the source of the insecure HTTP content?
Can websites with passive mixed media content be trusted with sensitive data?