If you are a veteran Firefox user you may remember that Mozilla implemented options to block insecure contents from being loaded on https pages in Firefox 18. The feature has been disabled by default in the version of the browser and users who wanted to increase the security of it had to change the values of its parameters manually to do so.
So what does it do if enabled? Whenever you connect the browser to a secure webpage using SSL - you can confirm that by making sure the web address starts with https - only contents that use SSL should be loaded for security purposes. Websites sometimes load insecure contents, say a script using an http connection on secure sites. That's a security issue right there and the setting introduced in Firefox 18 prevents this from happening if enabled.
Here is a visualization of how this looks like. The insecure script that is loaded inside the secure iframe is not loaded when the feature is enabled.
After rigorous testing Mozilla decided to enable one of the two mixed content preferences in Firefox 23 by default. Firefox 23 is currently the version of the Nightly channel and it will take months before stable users of the browser will be upgraded to that version. Still, it is important to know that this is going to happen eventually.
The developers have integrated two mixed content preferences into the browser:
If you are running Firefox 18 or newer, you may modify the preferences at any time. Let me show you how to do so.
So, if you want to improve the security of your browser right away, set the active content parameter to true right away.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.