Fx Nightly treats plain HTTP pages with pw form as insecure

Talk about internet security, computer security, personal security, your social security number...
Post Reply
barbaz
Senior Member
Posts: 9144
Joined: Sat Aug 03, 2013 5:45 pm

Fx Nightly treats plain HTTP pages with pw form as insecure

Post by barbaz » Wed Oct 21, 2015 4:55 pm

Saw this link on mozillaZine and thought it'd be worth noting here:
https://ma.ttias.be/firefox-nightly-starts-marking-login-forms-in-http-as-insecure/
I think this is good change. Will SeaMonkey inherit this (or port it)?


(Obviously, Giorgio's sites will be unaffected.)
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Fx Nightly treats plain HTTP pages with pw form as insec

Post by GµårÐïåñ » Wed Oct 21, 2015 8:10 pm

Yes, Mozilla now opting to mark any HTTP page that transmits passwords as insecure. It follows a move by Google to mark any HTTPS site that has ANY HTTP content as insecure as well by removing its lock icon. Before it would show yellow partial but they decided that was too confusing and hurt the site owners, so they just now display them with the same icon as HTTP, no harm no foul they say, that way the site has a chance to clean up their HTTPS mix without looking like the bad guys and the users go on with their lives as they normally do with nothing to confuse them. Pros and Cons to all of their collective approaches.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36

Post Reply