Firefox 23, codename: Aurora, is the latest build of one of the most popular browsers and includes a hefty security update: non-SSL contents on SSL pages are now blocked by default. Firefox 18 is where the SSL setting was introduced, but version 23 turns this setting on first run.
No ad to show here.
Let’s break this down. SSL at its simplest is a security protocol seen on, for instance, banking websites. Familiar with seeing “https” instead of “http”? That’s proof that the site you’re browsing will encrypt your personal data. The now-defunct Netscape was the first browser to use HTTPS.
If the site you’re browsing tries to run non-SSL content on an SSL-enabled page, a notification appears. Or as Firefox’s official development page says, “That means insecure scripts, style sheets, plug-in contents, inline frames, Web fonts and WebSockets are blocked on secure pages, and a notification is displayed instead.” This is instant peace of mind, an added layer of security without much added effort. It might piss off a few people, as some pages won’t run correctly with the non-SSL option turned on by default. Most developers will be happy though, best practice for secure pages calls for a fully locked-down environment anyway.
This is how the update explains it. “These methods now accept locales and options arguments, which let applications tailor their behavior.” As we said, minor update, but definitely useful. Developers have been asking for this one.
The final build of Firefox releases 6 August. Download Firexfox 23 and test out the non-SSL goodness for yourself.