RealTime IT News

Mozilla Firefox 23 Will Block Mixed SSL Content

firefoxFrom the 'open source browser' files:

A big change is coming for Mozilla Firefox 23 that will force a best practice on web users that is long overdue.

Many websites have long mixed SSL content with non-SSL content on the same page.

That's bad.

It's bad because it effectively nullifies the benefit of having SSL in the first place as the non-encrypted material is likely still valuable (and there is also the likely possibility that a session cookie with login info is part of the non-SSL mix).

The correct best practice is to not mix SSL with non-SSL on the same page, which is something that Firefox 23 will enforce by default.

The

security.mixed_content.block_active_content

preference in Firefox will be on by default in Firefox 23.

"That means insecure scripts, stylesheets, plug-in contents, inline frames, Web fonts and WebSockets are blocked on secure pages, and a notification is displayed instead," Mozilla developer, Norbert Yoshino wrote in a blog post.

No, this will not break the web. It will secure it.

There was a time when SSL really represented a performance overhead for websites and that's why there was a lot of mixed content. That's not really the case anymore and the time for mixed SSL content is now past due.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network,  the network for technology professionals Follow him on Twitter @TechJournalist.

Comment and Contribute