Archive for April, 2013

FireFox 23 will be a Game Changer w/https sites

There’s an option in FF (version 18.0 and up) called:
security.mixed_content.block_active_content

When FF 23 is released (20.0 is the current release) this option will be enabled by default. What this means is ANY “mixed” https page will NOT load non https content.

So if you have constructed a site that has any http links in it and your site is on SSL (https) then users will experience “failures”.

QUES: Is this a good thing?

ANS: YES! Attacks using “bad links” are buried in https sites everywhere. You typically see a popup asking if you want to display the “non-https” content. When you do you take a BIG risk of infecting your system, getting hacked, etc. KUDOS to the FF team for taking this step to block non-https data by default!

I would strongly suggest you test this out NOW to make sure things will work right when FF 23 is released. Using FF 18.0 and up you simply need to:
A – key in about:config in the url/address line
B – search for the key: security.mixed_content.block_active_content
C – change the value to true

 

FYI – Chrome has already made such a change (you get a warning)..

 

, , , ,

Leave a comment