Compare Revisions
Template:aboutmixedcontent
Revision 107822:
Revision 107822 by tanvi on
Revision 107838:
Revision 107838 by heyjoni on
Keywords:
Search results summary:
This is a template
This is a template
Content:
<!-- Localizers: The content in this template originally came directly from the original mixed content article - https://support.mozilla.org/en-US/kb/how-does-content-isnt-secure-affect-my-safety -->
=What is mixed content?=
HTTP is a system for transmitting information from a web server to your browser. HTTP is not secure, so when you visit a page served over HTTP, your connection is open for eavesdropping and [http://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attacks]. Most websites are served over HTTP because they don't involve passing sensitive information back and forth and do not need to be secured.
When you visit a page fully transmitted over HTTPS ([[How do I tell if my connection to a website is secure?#w_green-padlock|green padlock]] in the address bar), like your bank, your connection is authenticated and encrypted and hence safeguarded from eavesdroppers and man-in-the-middle attacks.
However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be [[How do I tell if my connection to a website is secure?|secure]], it isn't.
;[[Image:Mixed Content Requests]]
{note}'''Note:''' For more information about mixed content (active and passive), see [https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23 this blog post].{/note}
=What are the risks of mixed content?=
An attacker can replace the HTTP content on the page you're visiting in order to steal your credentials, take over your account, acquire sensitive data about you, or attempt to install malware on your computer.
<!-- Localizers: The content in this template originally came directly from the original mixed content article - https://support.mozilla.org/en-US/kb/how-does-content-isnt-secure-affect-my-safety -->
=What is mixed content?=
HTTP is a system for transmitting information from a web server to your browser. HTTP is not secure, so when you visit a page served over HTTP, your connection is open for eavesdropping and [http://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attacks]. Most websites are served over HTTP because they don't involve passing sensitive information back and forth and do not need to be secured.
When you visit a page fully transmitted over HTTPS ([[How do I tell if my connection to a website is secure?#w_green-padlock|green padlock]] in the address bar), like your bank, your connection is authenticated and encrypted and hence safeguarded from eavesdroppers and man-in-the-middle attacks.
However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be [[How do I tell if my connection to a website is secure?|secure]], it isn't.
{note}'''Note:''' For more information about mixed content (active and passive), see [https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23 this blog post].{/note}
=What are the risks of mixed content?=
An attacker can replace the HTTP content on the page you're visiting in order to steal your credentials, take over your account, acquire sensitive data about you, or attempt to install malware on your computer.