{"id":1143,"date":"2013-06-27T14:28:21","date_gmt":"2013-06-27T21:28:21","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=1143"},"modified":"2013-06-27T14:28:21","modified_gmt":"2013-06-27T21:28:21","slug":"mixed-content-blocker-hits-firefox-beta","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/","title":{"rendered":"Mixed Content Blocker hits Firefox Beta!"},"content":{"rendered":"<p>The Mixed Content Blocker <a href=\"\/security\/2013\/05\/16\/mixed-content-blocking-in-firefox-aurora\/\">we described last month<\/a> is now available in Firefox Beta and is on track for a general release in August with Firefox 23. When secure HTTPS pages load additional content insecurely over HTTP (a.k.a. Mixed Content), users are vulnerable to man-in-the-middle and eavesdropping attacks. The Mixed Content Blocker will block insecure active content by default, protecting our users from these attacks.<\/p>\n<p><strong id=\"call-to-users\">Call to Users &#8211; Report problems<\/strong><br \/>\nIf you find a website that isn&#8217;t functioning correctly because it contains insecure content that is being blocked by the Mixed Content Blocker, please let us know by sending an email to <a href=\"mailto:security@mozilla.org\">security@mozilla.org<\/a> or commenting in our <a href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=844556\">compatibility tracking bug<\/a><\/p>\n<p>How can you tell if a site has Mixed Content that Firefox has blocked? Look for this Shield Icon in the location bar.<\/p>\n<p><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"alignright size-full wp-image-1183\" alt=\"Image: A small shield icon is shown before the web page address in the location bar when Firefox has blocked Mixed Active Content.\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg\" width=\"643\" height=\"86\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg 643w, https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1-252x33.jpg 252w, https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1-600x80.jpg 600w\" sizes=\"(max-width: 643px) 100vw, 643px\" \/><\/a><\/p>\n<p>If you&#8217;d like to contribute further and help us find compatibility issues you can participate in our <a href=\"https:\/\/quality.mozilla.org\/2013\/06\/mixed-content-blocking-test-day-july-1s\">QA test day<\/a> on Monday, July 1st.<\/p>\n<p><strong id=\"call-to-webdevs\">Call to Web Developers &#8211; Test your site with Firefox Beta<\/strong><br \/>\nIf you rely on HTTP resources in your HTTPS pages this feature might break your website. If you do find Mixed Content issues on your webpage in Firefox 23+, chances are that the same issues exist in Chrome and\/or Internet Explorer, who have also implemented this feature.<\/p>\n<p>The best way to tell if your site will load correctly in Firefox 23 is to <a href=\"https:\/\/www.mozilla.org\/en-US\/firefox\/channel\/#beta\">download the latest Firefox Beta<\/a> and browse through your website with the <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Tools\/Web_Console\">Web Console<\/a> open. Enable the &#8220;Security&#8221; messages in Web Console and check for messages about Mixed Content.<\/p>\n<p><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/WebConsoleMixedContentOutput.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"alignright size-full wp-image-1168\" alt=\"Image: The Web Console lists the Mixed Display Content that's loaded and the Mixed Active Content that's blocked.\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/WebConsoleMixedContentOutput.jpg\" width=\"989\" height=\"215\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/WebConsoleMixedContentOutput.jpg 989w, https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/WebConsoleMixedContentOutput-252x54.jpg 252w, https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/WebConsoleMixedContentOutput-600x130.jpg 600w\" sizes=\"(max-width: 989px) 100vw, 989px\" \/><\/a><\/p>\n<p>If you want to test your site in a more automated fashion, you can try using <a href=\"https:\/\/code.google.com\/p\/skipfish\/\">Skipfish<\/a>, a web application security tool. Skipfish has a -M option that will report mixed content issues on your webpage.<\/p>\n<p>To fix your site, simply replace http:\/\/ links with their https:\/\/ equivalents on your SSL pages. You can also use <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Security\/MixedContent\/fix_website_with_mixed_content#How_to_fix_your_website\">protocol-relative links<\/a> if you use the same source code to serve your HTTP and HTTPS website.<\/p>\n<p>If the Mixed Content resources on your page come from a third party, there is a chance that the HTTPS equivalent version already exists. For example, youtube.com has both HTTP and HTTPS video embed options. If the HTTPS version does not exist, consider contacting the third party (especially if they are one of your partners) and ask them to provide an HTTPS version of the content.<\/p>\n<p><strong id=\"call_to_contributors\">Call to Contributors &#8211; Contact Sites<\/strong><br \/>\nWe&#8217;ve been working on site compatibility issues, trying to find websites that are affected by the Mixed Content Blocker and alert them before Firefox 23 is released in August. However, finding accurate contact information for the affected sites has been a difficult task. And we could really use some help \ud83d\ude09<\/p>\n<p>If you would like to contribute, please take a look at the <a href=\"https:\/\/bugzilla.mozilla.org\/showdependencytree.cgi?id=844556&amp;hide_resolved=1\">list of affected sites<\/a> and see if you can contact their website administrators and inform them of the Mixed Content compatibility issues that they are about to run into with Firefox 23 (and likely already have with Chrome or Internet Explorer). If you are able to find contact information and\/or alert the website please let us know in the associated bug.<\/p>\n<p>You can also help find more affected sites by participating in our <a href=\"https:\/\/quality.mozilla.org\/2013\/06\/mixed-content-blocking-test-day-july-1s\">QA test day<\/a> on Monday, July 1st.<\/p>\n<p><strong>Want to Learn More?<\/strong><br \/>\nCheck out a more detailed blog post on this feature <a href=\"https:\/\/blog.mozilla.org\/tanvi\/2013\/04\/10\/mixed-content-blocking-enabled-in-firefox-23\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Mixed Content Blocker we described last month is now available in Firefox Beta and is on track for a general release in August with Firefox 23. When secure HTTPS &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/\">Read more<\/a><\/p>\n","protected":false},"author":412,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mixed Content Blocker hits Firefox Beta! - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tanvi Vyas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/\",\"name\":\"Mixed Content Blocker hits Firefox Beta! - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg\",\"datePublished\":\"2013-06-27T21:28:21+00:00\",\"dateModified\":\"2013-06-27T21:28:21+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94b89a1b3d28fe214eb7543734810143\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg\",\"width\":643,\"height\":86,\"caption\":\"Image: A small shield icon is shown before the web page address in the location bar when Firefox has blocked Mixed Active Content.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mixed Content Blocker hits Firefox Beta!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94b89a1b3d28fe214eb7543734810143\",\"name\":\"Tanvi Vyas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/bd13e40bb691b46158cd2d4da792993d\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9f4d447f27c116342ba41a747802372d?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9f4d447f27c116342ba41a747802372d?s=96&d=identicon&r=g\",\"caption\":\"Tanvi Vyas\"},\"description\":\"Security\/Privacy Engineer and Tech Lead at Mozilla - @TanviHacks\",\"sameAs\":[\"https:\/\/blog.mozilla.org\/tanvi\/\",\"https:\/\/x.com\/@TanviHacks\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mixed Content Blocker hits Firefox Beta! - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/","twitter_misc":{"Written by":"Tanvi Vyas","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/","url":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/","name":"Mixed Content Blocker hits Firefox Beta! - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg","datePublished":"2013-06-27T21:28:21+00:00","dateModified":"2013-06-27T21:28:21+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94b89a1b3d28fe214eb7543734810143"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#primaryimage","url":"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg","contentUrl":"https:\/\/blog.mozilla.org\/security\/files\/2013\/06\/FigureA1.jpg","width":643,"height":86,"caption":"Image: A small shield icon is shown before the web page address in the location bar when Firefox has blocked Mixed Active Content."},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2013\/06\/27\/mixed-content-blocker-hits-firefox-beta\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Mixed Content Blocker hits Firefox Beta!"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94b89a1b3d28fe214eb7543734810143","name":"Tanvi Vyas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/bd13e40bb691b46158cd2d4da792993d","url":"https:\/\/secure.gravatar.com\/avatar\/9f4d447f27c116342ba41a747802372d?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9f4d447f27c116342ba41a747802372d?s=96&d=identicon&r=g","caption":"Tanvi Vyas"},"description":"Security\/Privacy Engineer and Tech Lead at Mozilla - @TanviHacks","sameAs":["https:\/\/blog.mozilla.org\/tanvi\/","https:\/\/x.com\/@TanviHacks"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1143"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/412"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=1143"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1143\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=1143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=1143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=1143"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=1143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}