Future Firefox takes tougher stance on mixed content
Mozilla might be fine with mixed company, but it's not fond of mixed content. A new tool to block unsecured content on secure sites makes its debut in the latest update to Firefox Aurora.
Mozilla is taking steps to lock down mixed content Web sites for Firefox in an update Friday to Firefox 23 Aurora.
In Firefox 23 Aurora, the pre-beta version of the browser for Windows, Mac, and Linux, Mozilla will block by default mixed active content. Mixed content is a term that refers to a Web site secured with HTTPS that loads some of its content, such as images or scripts, from standard HTTP sources, and can lead to eavesdroppers and man-in-the-middle attacks.
Mixed active content describes things like scripts because they can actively change how you interact with the site. Mixed passive content, such as images, just sits there in most cases.
The mixed content blocker will give people a choice to disable it on a per-site basis, and load the potentially dangerous content. To disable it or learn more about the controls for a specific site, you can click on a shield that will appear on the left side of the location bar.
The browser also will introduce nine new Web developer tools, including a network monitor; a remote style editor for helping test the Web on mobile devices; an Options panel for turning tools on or off; the beginnings of SourceMap support for the Debugger tool; a Variables View for all tools; a Browser Console to replace the Error Console; an AppCache command for developers working with offline content; Web Console support in the Debugger Frame; and the ability to debug multiple tabs simultaneously.
Firefox 23 is expected to graduate to the stable version of the browser in about 12 weeks.