Security & Privacy Non-SSL active content on SSL pages is blocked by default
Bug 834836 – Turn on pref to block mixed active content
Firefox 18 introduced preferences to block loading content from non-SSL (http) sites on SSL (https) pages. One of those preferences will now be enabled by default in order to enhance user security. That means insecure scripts, stylesheets, plug-in contents, inline frames, Web fonts and WebSockets are blocked on secure pages, and a notification is displayed instead. It will not block "display content" like images, videos or audio.
It has long been the case that the more responsible browsers (including firefox) warned about mixed content. It has never been good to serve (eg) non-SSL images with an SSL page. I've had that warning enabled for years in firefox and only occasionally accept mixed content if I know the site well.
In any case, if a site is properly designed it should never serve mixed content.
It's good that FF now defaults to that mode but I wonder if they force it upon existing users after an update.
