Affecting Non-SSL active content on SSL pages is blocked by default

Published: | Categories: Privacy & Security


Firefox 18 introduced preferences to block loading content from non-SSL (http) sites on SSL (https) pages. One of those preferences, security.mixed_content.block_active_content is now enabled by default in order to enhance user security. That means insecure scripts, stylesheets, plug-in contents, <iframe>, XMLHttpRequest, Web fonts (@font-face) and WebSockets are blocked on secure pages, and a notification is displayed instead. It will not block “display content” like images, videos or audio. See Tanvi Vyas’ blog post for details.

Mozilla is tracking mixed content issues found on major sites as well as its own properties.