04-11-2013 04:27 AM
There's an option in FF (version 18.0 and up) called:
security.mixed_content.block_active_content
When FF 23 is released (20.0 is the current release) this option will be enabled by default. What this means is ANY "mixed" https page will NOT load non https content.
So if you have constructed a site that has any http links in it and your site is on SSL (https) then users will experience "failures".
QUES: Is this a good thing?
ANS: YES! Attacks using "bad links" are buried in https sites everywhere. You typically see a popup asking if you want to display the "non-https" content. When you do you take a BIG risk of infecting your system, getting hacked, etc. KUDOS to the FF team for taking this step to block non-https data by default!