Regarding the option to block mixed images. Set about:config?filter=security.mixed_content.block_display_content to true.
And yes quite few https sites would break as far as I've experienced.

// Cork

----- Original Message -----
> From: [email protected]
> To: "Patrick McManus" <[email protected]>
> Cc: [email protected]
> Sent: Tuesday, 23 September, 2014 8:08:17 PM
> Subject: Mixed content (was: Indicators for high-security features)
>
> I was hoping to learn that images too would get blocked. I'm not sure I can
> think of all the ways to exploit this hole in security but certainly a
> browser defect in image handling is one of them.
>
> I'm sure blocking such http requests would break some sites but has anyone
> performed research or analysis into how big the problem is? Is there a user
> option to force them to be blocked?
>
> I'm also curious how exhaustively the blocking rules get tested. With all
> the levels of nesting that occur and caching and redirects and live
> javascript stuff that take place on most every page load, it seems like
> there certainly could be holes but I'd rather have hard facts. Anyone have
> data on that?
>
> Thank you!
>
> From: Patrick McManus
> Sent: Monday, September 22, 2014 7:29 AM
>
> wrt http:// images from a https:// origin - the images do load but you get
> the !-in-a-triangle mixed content icon instead of a lock.
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

