To give a little background, when one connects to an HTTPS site, the data channel is encrypted
and authenticated. However, if the HTTPS site also serves HTTP content (so-called mixed
content), the unencrypted portion can be sniffed and hijacked by an attacker.
If that insecure content is active (i.e. has access to some or all of the document object model),
the attacker can potentially change the behavior of the HTTPS page and steal information.
Firefox has joined other browsers and now permits the blocking of mixed-content. However, this
feature is off by default until Firefox 23. Until then, one must turn the blocking on manually.
To turn it on, surf to about:config and make the following change by double-clicking on
security.mixed_content.block_active_content:

security.fileuri.strict_origin_policy           default   boolean  true
security.mixed_content.block_active_content     user set  boolean  true
security.mixed_content.block_display_content    default   boolean  false
If interested, you can read a more detailed explanation here
TOTD=Tip of the Day