Last Comment Bug 844556 - [tracking] compatibility issues with mixed content blocker on non-Mozilla websites
: [tracking] compatibility issues with mixed content blocker on non-Mozilla web...
Status: NEW
: site-compat
Product: Tech Evangelism
Classification: Other
Component: Desktop (show other bugs)
: unspecified
: All All
: -- normal with 5 votes (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: Mihai Morar, (:MihaiMorar)
Mentors:
Depends on: 862750 872099 877443 877449 877736 877754 877756 879072 879075 881786 887430 888790 888942 889013 889067 889079 892770 893428 895576 896745 897754 898111 900440 903876 904807 910710 911861 961700 975929 654914 844555 861253 861753 861961 862164 863054 863517 864139 864787 866986 873818 873887 877406 877741 877753 877758 877761 877763 878121 879066 879069 879077 879080 879081 880885 881485 883692 884197 885922 886592 888428 888940 888941 888984 889010 889035 889170 890898 892810 892976 895574 896746 897064 898399 898938 899140 900449 900458 900465 902905 905183 906308 906447 909761 911977 916103 916783 917240 920536 921759 955864 989830 996454 1004730 1153536
Blocks: MixedContentBlocker 907361
  Show dependency treegraph
 
Reported: 2013-02-23 20:36 PST by Brian Smith (:briansmith, :bsmith, use NEEDINFO?)
Modified: 2016-01-25 03:27 PST (History)
55 users (show)
jaquezjulio77: needinfo? (brian)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Domains that trigger mixed content blocker (7.46 KB, text/plain)
2013-05-06 17:08 PDT, Matt Wobensmith [:mwobensmith][:matt:]
no flags Details
Spreadsheet of top broken sites, with additional data (11.21 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet)
2013-06-04 15:28 PDT, Matt Wobensmith [:mwobensmith][:matt:]
no flags Details
Sites were Mixed Active Content only appeared on 1 or 2 browses, but not all 3. (193.57 KB, application/zip)
2013-06-07 10:52 PDT, Tanvi Vyas - out until 6/27 [:tanvi]
no flags Details

Description Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2013-02-23 20:36:33 PST
+++ This bug was initially created as a clone of Bug #844555 +++

This bug tracks issues with *non-Mozilla* sites that have their functionality broken by the mixed content blocker until the user chooses "disable protection for this page" in the mixed content blocker, or where the page is broken and the "disable protection for this page" button does not fix the problem.

Bug 843977 is about mixed content issues on *.mozilla.org. That is separated from this bug because I expect us to be able to fix our own websites, and because we must fix our own websites so they work with IE, Chrome and other browsers too. Please file your bugs for Mozilla websites blocking bug 843977, not blocking this bug.

I expect a combination of bug fixes (making mixed content blocker smarter), evangelism (convincing websites to fix their mixed content security issues), and selectively-applied apathy (letting the website break) will be necessary to resolve these issues.
Comment 1 Matt Wobensmith [:mwobensmith][:matt:] 2013-05-06 17:08:13 PDT
Created attachment 746148 [details]
Domains that trigger mixed content blocker

This list was compiled after running m-c through top 1000 domains, with blocking of both active and display content enabled.

Note that some domains are represented twice, both with or without "www" token.
Comment 2 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2013-05-06 17:32:09 PDT
(In reply to Matt Wobensmith from comment #1)
> Created attachment 746148 [details]
> This list was compiled after running m-c through top 1000 domains, with
> blocking of both active and display content enabled.

This is great work!

However, I think it is a little misleading as far as the user impact goes. For example, http://imgur.com/ might be a top-1000 site but https://imgur.com/ might never be used, even though it happens to kind of have "worked" in older versions of Firefox. And, in fact, https://imgur.com/ is "broken" consistently (AFAICT) between MSIE, Firefox, and Chrome. IMO, that consistency indicates that we are doing the right thing (and that previously we were doing the wrong thing).

I think the next step would be to go through the 103 URLs in the list in Google Chrome and see which ones render/behave differently between Chrome and Firefox. I picked Chrome specifically because our mixed content blocker is more strict than Chrome's blocker, so our blocker should break more pages than Chrome's blocker does. I picked 10 of the 103 URLs and found Chrome was very clearly also broken in 8 of them (https://www.sergey-mavrodi.com and https://pogo.com were not obviously broken in Chrome, but neither were they clearly broken in Firefox either, despite triggering the blocker icon in both).

Anyway, again, awesome work!
Comment 3 Ben Turner (not reading bugmail, use the needinfo flag!) 2013-05-16 23:16:06 PDT
https://nytimes.com seems to have no css when mixed content is blocked.
Comment 4 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2013-05-18 21:23:18 PDT
(In reply to ben turner [:bent] from comment #3)
> https://nytimes.com seems to have no css when mixed content is blocked.

Thanks. That's already being tracked in bug 862164, though the main reason it is problematic is actually bug 769994.
Comment 5 Chris Peterson [:cpeterson] 2013-05-21 12:06:59 PDT
Omnigroup blog can't load embedded Vimeo videos:

https://www.omnigroup.com/blog/entry/omnipresence-document-syncing-ships-this-week

[11:43:38.162] GET http://player.vimeo.com/video/66598535 [Mixed Content] [HTTP/1.1 200 OK 273ms]

If you load the http:// version of the Omnigroup blog or "Disable Protection on This Page", then the video loads as expected.
Comment 6 Morpheus3k 2013-05-22 01:55:14 PDT
This site is broken:
https://www.domaintechnik.at/
Comment 7 Mike Kaply [:mkaply] 2013-05-24 05:45:44 PDT
FYI, if any site is serving their images from Amazon Cloudfront using a custom CNAME that maps the Cloudfront domain to their own domain, they can't be served as https (Cloudfront doesn't allow you to install an SSL cert).

So that might be a reason for a lot of breakage.

See: https://forums.aws.amazon.com/thread.jspa?threadID=87319
Comment 8 Brandon Park 2013-05-24 14:00:21 PDT
This website is broken:
https://www.aeriagames.com/

I've already tested it using Firefox in safe mode, but it still doesn't show its CSS unless I stop blocking the mixed content.
Comment 9 Tanvi Vyas - out until 6/27 [:tanvi] 2013-05-28 15:43:44 PDT
In the google reader bug (Bug 844555), a user has reported an issue with another feed reader:

> This problem is not specific to Google Reader, I noticed this with another
> feed reader https://www.newsblur.com/site/903/i-can-has-cheezburger

Noting it here so that we remember to follow-up and file a bug.
Comment 10 Brandon Park 2013-05-29 11:40:38 PDT
Part of Youtube is broken. When going to edit a video from your video manager it blocks the video. Below are two pictures one being without the video with mixed content blocker on, and the other with the video and with mixed content blocker disabled on the website.

Without Video: http://flickr.com/gp/96676561@N06/84js6r

With Video: http://flickr.com/gp/96676561@N06/71Q7sU
Comment 11 Matt Wobensmith [:mwobensmith][:matt:] 2013-05-29 14:18:32 PDT
The attachment here contains domains that were taken from Alexa's top 1000. Using Alexa's list, we ran a test to determine how many of those sites could be determined to be broken under new mixed content rules.

Of the 77 sites we found broken:
    •    60 sites ALL 3 browsers are blocking
    •    12 sites Not blocked on just Chrome (IE and Firefox block)
    •    3 sites not blocked on IE (Chrome and Firefox block)
    •    2 sites not blocked on IE or Chrome (only Firefox blocks)

We are continuing to drill down on affected sites and will be filing bugs on each one of them separately.
Comment 12 Brandon Park 2013-05-31 11:43:17 PDT
https://www.real.com/ doesn't load properly.
Comment 13 Brandon Park 2013-05-31 19:59:28 PDT
The Youtube video walkthrough on this page doesn't appear with mixed content blocker on.https://support.us.playstation.com/app/answers/detail/a_id/1488/kw/safe%20mode
Comment 14 Matt Wobensmith [:mwobensmith][:matt:] 2013-06-04 15:28:29 PDT
Created attachment 758260 [details]
Spreadsheet of top broken sites, with additional data

Adding spreadsheet of sites from Alexa top 1000 that have broken, as per Tanvi.
Comment 15 Tanvi Vyas - out until 6/27 [:tanvi] 2013-06-04 17:14:06 PDT
(In reply to Matt Wobensmith from comment #14)
> Created attachment 758260 [details]
> Spreadsheet of top broken sites, with additional data
> 
> Adding spreadsheet of sites from Alexa top 1000 that have broken, as per
> Tanvi.

The spreadsheet shows the breakdown for the:
* 12 sites Not blocked on just Chrome (IE and Firefox block)
* 3 sites not blocked on IE (Chrome and Firefox block)
* 2 sites not blocked on IE or Chrome (only Firefox blocks)


We also included and filed bugs for www.dell.com, espn.go.com, www.samsung.com, even though all 3 browser blocked them.
Comment 16 Tanvi Vyas - out until 6/27 [:tanvi] 2013-06-07 10:52:03 PDT
Created attachment 759820 [details]
Sites were Mixed Active Content only appeared on 1 or 2 browses, but not all 3.

Updated the spreadsheet a bit.
Comment 17 Brandon Park 2013-06-10 13:30:02 PDT
This webpage doesn't work with Mixed Content Blocker on.
https://www.apple.com/apple-events/june-2013/
Comment 18 Tanvi Vyas - out until 6/27 [:tanvi] 2013-06-11 14:24:37 PDT
I'm going to start adding some whiteboard flags to the dependent bugs as we file them.

* [mcb-no-contact] - we don't have an email address for the third party
* [mcb-thirdparty-notified] - we emailed the third party
* [mcb-chrome] - chrome's mcb blocked the content too
* [mcb-chrome-29+] - chromes new version of mcb in chrome canary/29 will block the content too
* [mcb-ie] - IE blocks the content too
* [mcb-frame-descendants] - this occurs when the parent page is HTTP and the Mixed Content Blocker is still invoked because of an HTTPS iframe (frame descendants rule)
* [mcb-ie?] - We aren't sure if IE blocks the content
* [mcb-chrome?] - we aren't sure if Chrome blocks the content
Comment 19 Tanvi Vyas - out until 6/27 [:tanvi] 2013-06-11 14:59:44 PDT
One more whiteboard flag...
[mcb-ads-only]
Comment 20 Brandon Park 2013-06-12 21:58:38 PDT
Mixed Content Blocker blocks the download button on Adobe downloads on https://www.adobe.com/
Comment 21 therube 2013-06-19 10:09:40 PDT
http://www.apple.com/itunes/download/

(And I would suspect other apple.com product downloads.)

There is no notification at all in FF 24.
(Not really familiar with FF, so don't know if there should be.)

SeaMonkey 20 does give you a notification that something may be amiss.

Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 Firefox/23.0 SeaMonkey/2.20a2
Build identifier: 20130619013001

Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20130619 Firefox/24.0
Comment 22 therube 2013-06-19 10:15:23 PDT
What I just posted may be covered by:
Bug 864787 - iTunes (Apple) download won't start with FireFox Nightly build

Ah, I now see that is already listed as a Depends.

Sorry about that.
Comment 23 Matt Wobensmith [:mwobensmith][:matt:] 2013-06-19 12:00:07 PDT
Hi Brandon, re: comment 20: 

I don't see any content blocked on https://www.adobe.com, nor do I see the mixed content UI. Can you be more precise as to which content/URLs might be blocked on that page? Thank you very much.
Comment 24 Matt Wobensmith [:mwobensmith][:matt:] 2013-06-19 13:28:37 PDT
Never mind - I found one page on Adobe's site that shows the problem: https://get.adobe.com/flashplayer/

I'll get a bug filed and contact them. Thank you!
Comment 25 therube 2013-06-21 09:06:18 PDT
https://www.lexisnexis.com/en-us/home.page

Upper right of the page, there should be a search box that fails to display.
Comment 26 Tanvi Vyas - out until 6/27 [:tanvi] 2013-06-24 16:08:09 PDT
(In reply to therube from comment #25)
> https://www.lexisnexis.com/en-us/home.page
> 
> Upper right of the page, there should be a search box that fails to display.

Filed bug 886592.  This is because of Mixed Content javascript and css, so should be an issue on all 3 browsers (Chrome, Firefox, and IE).
Comment 27 Brandon Park 2013-07-07 22:14:53 PDT
This webpage doesn't load the feedback form. On the bottom there should be a box for feedback and a drop down menu that lets you choose the topic of your feedback. With Mixed Content Blocker on it blocks the feedback form.

https://us.playstation.com//community/feedback/
Comment 28 Tanvi Vyas - out until 6/27 [:tanvi] 2013-07-09 13:25:19 PDT
(In reply to Brandon Park from comment #27)
> This webpage doesn't load the feedback form. On the bottom there should be a
> box for feedback and a drop down menu that lets you choose the topic of your
> feedback. With Mixed Content Blocker on it blocks the feedback form.
> 
> https://us.playstation.com//community/feedback/

Covered in bug 879081.
Comment 29 Brandon Park 2013-07-12 22:42:27 PDT
https://www.ea.com/ doesn't load properly.
Comment 30 numerelle 2013-07-16 15:22:44 PDT
https://youtube.com videos (example:https://www.youtube.com/watch?v=Vz3pdjd8So8) + THIS BOOKMARKLET:

javascript:%20/*___Dirpy_Studio_Bookmarklet___*/(function(){var%20b=document.getElementsByTagName("head")[0];var%20c=new%20Date().getTime();var%20a=document.createElement("script");a.src="http://dirpy.com/js/studio-bookmarklet.js?"+c;a.onload=a.onreadystatechange=function(){if(!loaded&&(!this.readyState||this.readyState=="loaded"||this.readyState=="complete")){a.onload=a.onreadystatechange=null;b.removeChild(a)}};b.appendChild(a)})();

It gives me a content blocker message, when I click on allow on page, it refreshes and still blocks the bookmarklet
Firefox 24 Aurora
Comment 32 Tanvi Vyas - out until 6/27 [:tanvi] 2013-07-18 12:45:09 PDT
(In reply to Brandon Park from comment #29)
> https://www.ea.com/ doesn't load properly.
Filed Bug 895574.
Comment 33 Tanvi Vyas - out until 6/27 [:tanvi] 2013-07-18 12:46:46 PDT
(In reply to numerelle from comment #30)
> It gives me a content blocker message, when I click on allow on page, it
> refreshes and still blocks the bookmarklet
> Firefox 24 Aurora

Issues with Mixed Content Blocker and bookmarklets are covered in bug https://bugzilla.mozilla.org/show_bug.cgi?id=886663.
Comment 34 Tanvi Vyas - out until 6/27 [:tanvi] 2013-07-18 12:50:27 PDT
(In reply to Tanvi Vyas [:tanvi] from comment #31)
> Mixed Active Content on https://www.kaskus.co.id/ - 

Filed bug 895576.
Comment 35 raymond [:retornam] (needinfo? me) 2013-07-18 14:53:19 PDT
Mixed active content on https://mozilla.kanbanery.com/projects/33256/board/
Blocked loading mixed active content "http://www.googleadservices.com/pagead/conversion.js" @ https://mozilla.kanbanery.com/projects/33256/board/
Comment 36 Tanvi Vyas - out until 6/27 [:tanvi] 2013-07-18 14:59:10 PDT
(In reply to raymond [:retornam] from comment #35)
> Mixed active content on https://mozilla.kanbanery.com/projects/33256/board/
> Blocked loading mixed active content
> "http://www.googleadservices.com/pagead/conversion.js" @
> https://mozilla.kanbanery.com/projects/33256/board/

Looks like I need a login to access this.  Is this a mozilla website?  Or an external website?
Comment 37 raymond [:retornam] (needinfo? me) 2013-07-19 07:59:03 PDT
(In reply to Tanvi Vyas [:tanvi] from comment #36)
> (In reply to raymond [:retornam] from comment #35)
> > Mixed active content on https://mozilla.kanbanery.com/projects/33256/board/
> > Blocked loading mixed active content
> > "http://www.googleadservices.com/pagead/conversion.js" @
> > https://mozilla.kanbanery.com/projects/33256/board/
> 
> Looks like I need a login to access this.  Is this a mozilla website?  Or an
> external website?

This is an external website used by the Web Production team. I've emailed Mike Alexis(cc'ed you) to create an account for you.
Comment 38 Selim Şumlu 2013-07-21 06:33:14 PDT
Cannot enter credit card info on https://www.lensal.com/odeme.aspx (A Turkish contact lens shopping site). "disable protection for this page" doesn't help, making it impossible to complete the order.
Comment 39 sadam36 2013-07-21 11:49:29 PDT
https://opendesktop.org/ seems to be broken in nightly 25.0a1.
Comment 40 sicknero 2013-07-22 01:37:38 PDT
Gizmo's freeware site/forum is broken by the mixed-content blocker. It fails to display, shows the shield mentioned in the article, and then displays correctly when the mixed-content blocker is disabled for the site.

https://www.techsupportalert.com/

Sorry if this has been reported already, I did a quick search but couldn't see it anywhere.
Comment 41 Tanvi Vyas - out until 6/27 [:tanvi] 2013-07-22 16:45:31 PDT
(In reply to Selim Sumlu from comment #38)
> Cannot enter credit card info on https://www.lensal.com/odeme.aspx (A
> Turkish contact lens shopping site). "disable protection for this page"
> doesn't help, making it impossible to complete the order.

This is difficult to test without a login (and without a familiarity with Turkish).  Can you tell us what content is blocked (Open the Developer Tools -> Webconsole and copy the contents from the "Security" pane)?

On the non-credit card pages, I see that jquery is blocked:
Blocked loading mixed active content "http://code.jquery.com/jquery.min.js" @ https://www.lensal.com/uye-giris?gelen=sp

Perhaps you could also help us out by contacting the site and letting them know about this issue (perhaps there is contact information somewhere on the site)?

Thanks for your help and for reporting this issue!
Comment 42 Selim Şumlu 2013-07-22 23:08:03 PDT
(In reply to Tanvi Vyas [:tanvi] from comment #41)
> (In reply to Selim Sumlu from comment #38)
> > Cannot enter credit card info on https://www.lensal.com/odeme.aspx (A
> > Turkish contact lens shopping site). "disable protection for this page"
> > doesn't help, making it impossible to complete the order.
> 
> This is difficult to test without a login (and without a familiarity with
> Turkish).  Can you tell us what content is blocked (Open the Developer Tools
> -> Webconsole and copy the contents from the "Security" pane)?
> 
> On the non-credit card pages, I see that jquery is blocked:
> Blocked loading mixed active content "http://code.jquery.com/jquery.min.js"
> @ https://www.lensal.com/uye-giris?gelen=sp
> 
> Perhaps you could also help us out by contacting the site and letting them
> know about this issue (perhaps there is contact information somewhere on the
> site)?
> 
> Thanks for your help and for reporting this issue!

Looks like it's only jQuery. You may ha ve a look at http://img543.imageshack.us/img543/9889/2rq3.jpg .

Is there any tutorial kind of page that may help them solve this?
Comment 43 Tanvi Vyas - out until 6/27 [:tanvi] 2013-07-24 11:43:57 PDT
(In reply to Selim Sumlu from comment #42)
> Is there any tutorial kind of page that may help them solve this?

Yes!  You can send them https://developer.mozilla.org/en-US/docs/Security/MixedContent/fix_website_with_mixed_content.  In this case the blocked code is http://code.jquery.com/jquery.min.js, but jquery doesn't provide an https version (Going to https://code.jquery.com/jquery.min.js gives you a cert error).  They can copy the jquery code and host it themselves though.

You can also reference even more info on Mixed Content if they want further reading:
https://developer.mozilla.org/en-US/docs/Security/MixedContent
https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

Thank you very much for your help Selim!
Comment 44 Aidan Corey 2013-07-26 13:17:29 PDT
https://s5.parature.com/

After I log in, this site uses an iframe to display custom content from a server on my office intranet. (The problem isn't with Parature; it's our IT department's choice not to use https for an intranet site).

Aurora blocks this. It works temporarily if I override it, but Aurora doesn't retain that setting.

(Chrome 28.0.1500.72 m does not block the iframe, but MSIE 9 does.)
Comment 45 fl0 2013-08-05 14:51:02 PDT
Actually in a blog (https://korben.info) accessed in HTTPS Vimeo player is not loading, MCB is blocking it.
I use the latest FF23's bêta and up to date HTTPS Everywehere which doesn't correct the Vimeo's address given their rule is "default off". But a video shouldn't enter in the case "passive mixed content" and so should be allowed and don't be blocked. Given the player use the flash a plugin it may be considered as "active", isn't this one of the edgy case ?
I think this shall be corrected because it would surely cause a "security warning fatigue" if it's deployed in release channel.
I hope it will help and I excuse by advance if I didn't post in the right place because that's my first contribution to Bugzilla.
Comment 46 michael.brodie 2013-08-08 08:50:45 PDT
The website for https://na5.salesforce.com is broken. The parent domain is salesforce.com, which is a CRM product we use in our call center. This has an integrated telephony suite provided by Five9.com  In order for the Five9 softphone CTI adapter to work with Salesforce, it must allow a popup from http://localhost:11000/?sfdcFrameOrigin=https%3A%2F%2Fna5.salesforce.com&sid=00D700000008LF7!AQYAQDX.iZSCnwqrhxU3uAU9NNAfMHuAzkFLDPwJAhah5G.7QGoOGd9wAdJwKHNXVEoDQ8_zSdS0bKZDsm4Lh7Rr8RgMfwAZ&

This popup is blocked as mixed content, preventing use of our call center's CRM and phone systems. It is not possible to allow mixed content on a per-page basis since each account record is pulled as a unique URL.

Please update to allow a domain level mixed-content approval ability, if not a global mixed-content approval ability. This is critical, and we would love to keep supporting the use of Firefox, but will not be able to do so until this bug is corrected.

Thank you
Comment 47 Larissa Co [:lco] 2013-08-08 10:39:07 PDT
(In reply to michael.brodie from comment #46)
> Please update to allow a domain level mixed-content approval ability, if not
> a global mixed-content approval ability. This is critical, and we would love
> to keep supporting the use of Firefox, but will not be able to do so until
> this bug is corrected.
> 

Hi Michael,

Yes, we understand your concerns. See bug 902156 where we're working on part of the issue. The domain/global approval ability is something we're currently discussing also.
Comment 48 Hedda 2013-08-12 11:05:36 PDT
Not sure if this is the place to report:  http links in craigslist forums (user posted links and craigslist links) won't open when clicked (but can be opened in a new tab) in FireFox 23.  They trigger the mixed content alarm which does then allow a single-case exception if the user chooses it.
Comment 49 Tanvi Vyas - out until 6/27 [:tanvi] 2013-08-12 12:12:39 PDT
(In reply to Aidan Corey from comment #44)
> https://s5.parature.com/
> 
> After I log in, this site uses an iframe to display custom content from a
> server on my office intranet. (The problem isn't with Parature; it's our IT
> department's choice not to use https for an intranet site).
> 
> Aurora blocks this. It works temporarily if I override it, but Aurora
> doesn't retain that setting.
> 
> (Chrome 28.0.1500.72 m does not block the iframe, but MSIE 9 does.)

Chrome 30+ will also block the iframe.
Comment 50 Tanvi Vyas - out until 6/27 [:tanvi] 2013-08-12 12:13:45 PDT
(In reply to michael.brodie from comment #46)
> The website for https://na5.salesforce.com is broken. The parent domain is
> salesforce.com, which is a CRM product we use in our call center. This has
> an integrated telephony suite provided by Five9.com  In order for the Five9
> softphone CTI adapter to work with Salesforce, it must allow a popup from
> http://localhost:11000/?sfdcFrameOrigin=https%3A%2F%2Fna5.salesforce.
> com&sid=00D700000008LF7!AQYAQDX.iZSCnwqrhxU3uAU9NNAfMHuAzkFLDPwJAhah5G.
> 7QGoOGd9wAdJwKHNXVEoDQ8_zSdS0bKZDsm4Lh7Rr8RgMfwAZ&
> 

Letting salesforce know about this will also be helpful.  Thanks!
Comment 51 Tanvi Vyas - out until 6/27 [:tanvi] 2013-08-12 12:16:41 PDT
(In reply to Hedda from comment #48)
> Not sure if this is the place to report:  http links in craigslist forums
> (user posted links and craigslist links) won't open when clicked (but can be
> opened in a new tab) in FireFox 23.  They trigger the mixed content alarm
> which does then allow a single-case exception if the user chooses it.

There is a bug related to the craiglist issue - it is a functionality issue with the Mixed Content Blocker itself.  It shouldn't be blocking page navigation.  I have a patch and am working on the tests so that we can land and uplift the fix to this bug (https://bugzilla.mozilla.org/show_bug.cgi?id=902350).
Comment 52 Hedda 2013-08-13 18:30:03 PDT
(In reply to Tanvi Vyas [:tanvi] from comment #51)
> ... I have a patch and am working on the tests so that we can land
> and uplift the fix to this bug
> (https://bugzilla.mozilla.org/show_bug.cgi?id=902350).

Thanks for the 902350 bug thread reference.
Comment 53 Tanvi Vyas - out until 6/27 [:tanvi] 2013-08-14 12:37:23 PDT
https://www.commondreams.org/view/2013/08/14-5 blocks mixed script for disqus.  The https version does exist though, so they would just need to update their link:

Blocked loading mixed active content "http://commondreams.disqus.com/embed.js" @ https://www.commondreams.org/sites/commondreams.org/files/js/js_fb13a435ea97c698380ff317a51ea2bd.js:19
Comment 54 jasonfz 2013-08-18 11:31:32 PDT
Login dialog blocked at:

https://www.allscripts.com/en/client-login.html

Chrome & IE both allow this login dialog, I found this bug thread troubleshooting why it stopped working in Firefox 23 for Mac and Windows clients.
Comment 55 Joern Heissler 2013-08-19 03:39:56 PDT
I have a company-private application running which does an XHR POST to http://localhost:12345/resource
It's no longer working. Can you please add an exception for "localhost" as MITM attacks aren't possible here?
Comment 56 Stefan Baebler 2013-08-20 08:23:13 PDT
Joern, such exceptions (eg. IE's "intranet" mode) are a nightmare for developers. "It works on my computer", only until it is deployed to test or production environment.

In your case you could (depending on your httpd) make it work by enabling https (with self-signed cert) on your localhost.
Comment 57 Tanvi Vyas - out until 6/27 [:tanvi] 2013-08-20 15:09:08 PDT
(In reply to jasonfz from comment #54)
> Login dialog blocked at:
> 
> https://www.allscripts.com/en/client-login.html
> 
> Chrome & IE both allow this login dialog, I found this bug thread
> troubleshooting why it stopped working in Firefox 23 for Mac and Windows
> clients.
This page has mixed content script from jquery.

Testing on Chrome 28, the script is also blocked:

[blocked] The page at https://www.allscripts.com/en/client-login.html ran insecure content from http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js.

Since this is script, I suspect that IE has also blocked the script.  It is possible that the site has written IE-specific code.
Comment 58 Daniel Veditz [:dveditz] 2013-08-20 17:32:55 PDT
(In reply to Joern Heissler from comment #55)
> I have a company-private application running which does an XHR POST to
> http://localhost:12345/resource
> It's no longer working. Can you please add an exception for "localhost" as
> MITM attacks aren't possible here?

Is the localhost:12345 service robust enough to be exposed to the public internet? That's basically what you've done there, with your browser as the bridge. Maybe your own app won't abuse the service but you're relying on "security by obscurity" to protect you from everyone else. In my experience such services are usually developed without much thought about security because the makers somehow think the magic firewall will protect them.

Ideally we'd like to kill all access to local addresses from public web pages (bug 354493) but I don't see that flying any time soon. That may not match the situation here anyway since you said it was a "company-private" application; is it hosted on an internal network address?
Comment 59 Joern Heissler 2013-08-20 22:43:13 PDT
(In reply to Stefan Baebler from comment #56)
> Joern, such exceptions (eg. IE's "intranet" mode) are a nightmare for
> developers. "It works on my computer", only until it is deployed to test or
> production environment.

Oh dear, I didn't even test it with MS products yet. Good that the group of users is limited and doesn't use MS :-)

> In your case you could (depending on your httpd) make it work by enabling
> https (with self-signed cert) on your localhost.

Would mean importing that cert into all browsers, might be easier to get a real cert for e.g. https://localhost.mydomain.tld/ and set dns record to 127.0.0.1

(In reply to Daniel Veditz [:dveditz] from comment #58)
> Is the localhost:12345 service robust enough to be exposed to the public
> internet? That's basically what you've done there, with your browser as the
> bridge.
 
The webserver checks the origin header, if it's not own domain, it replies with 403. Unless a malicious website can fake the origin, it should be secure. Even when not, the worst damage would be some DoS.

> Ideally we'd like to kill all access to local addresses from public web
> pages (bug 354493) but I don't see that flying any time soon. That may not
> match the situation here anyway since you said it was a "company-private"
> application; is it hosted on an internal network address?

It's hosted on a public address. Might be changed to using a VPN, but that's also trouble to setup currently.
Comment 60 Lou Rinaldi 2013-08-22 08:34:17 PDT
The Learning Management System known as Sakai CLE is particularly susceptible because of its heavy reliance on iframes. http://www.sakaiproject.org/

Here at Yale, our deployment of Sakai is branded "Classes*v2" https://classesv2.yale.edu/

While not open to the general public, we have already received faculty reports of issues stemming from mixed content blocking. We expect to hear more when classes start next week.
Comment 61 Kenneth Garza 2013-08-27 05:25:43 PDT
Good morning,

My company creates and maintains User Generated Content Contests for our clients and our facebook integration is not functioning properly with Mixed Content Blocking.  This is primarily due to our Content Hosting Provider does not support Https Uploading.

Currently the issue seems to only happen within the facebook canvas page.

Here is a link to our test contest

https://apps.facebook.com/digitalivystaging/fb/319327748166522/5bygjx

Instructions on recreating the bug

1) Login to Facebook and proceed to the link above (make sure you have Secure Browsing enabled in facebook Account Settings -> Security)
2) Click Submit an Entry (you might be asked to register, fake data is fine as its a test contest)
3) attempt to create a submission by uploading an image file.
4) You will get a mixed content error that blocks this process.

We are able to work around it by disabling this feature on the page prior to submission.  This functionality works perfectly in all major Browsers including Firefox 22.  This issue appeared with the release of Firefox 23.

This did expose a few places we could improve our code which we are working on but currently this is the only piece that is out of our control.  Any ideas would be appreciated.

Thanks

Kenneth Garza
AMP Contesting Development Team Lead
Triton Digital
kenneth.garza@tritondigital.com
Comment 62 jasonfz 2013-08-27 19:36:43 PDT
(In reply to Tanvi Vyas - out until 9/4 [:tanvi] from comment #57)
> (In reply to jasonfz from comment #54)
> > Login dialog blocked at:
> > 
> > https://www.allscripts.com/en/client-login.html
> > 
> > Chrome & IE both allow this login dialog, I found this bug thread
> > troubleshooting why it stopped working in Firefox 23 for Mac and Windows
> > clients.
> This page has mixed content script from jquery.
> 
> Testing on Chrome 28, the script is also blocked:
> 
> [blocked] The page at https://www.allscripts.com/en/client-login.html ran
> insecure content from
> http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js.
> 
> Since this is script, I suspect that IE has also blocked the script.  It is
> possible that the site has written IE-specific code.

The webmaster has updated their site to be compliant and removed the insecure content -- it now works as intended and thank you very much for assisting with pointing them in the right direction!  It now works under all browsers including Firefox under Mac/Windows.
Comment 63 jpdalbec 2013-08-29 08:00:52 PDT
SciQuest SelectSite punchouts are failing when vendor sites are HTTP.
Comment 64 Julie Lewis 2013-08-30 10:21:33 PDT
The reporting tool on the www.fastexas.org tool is now broken.

The application serves flash files for the reports.

To re-create:
https://ourcpa.cpa.state.tx.us/fast/rpttool/disclaimerSubmit.do
 Click the disclaimer button;
 Select the radio button: View a FAST profile for a single specific district or compare multiple specific districts.
Select any district from the list and hit submit.  

Yes I know the architecture of this is problematic, and I wouldn't even bother reporting this if the UX of bypassing this blocker was not SO RIDICULOUSLY CONVOLUTED.
Comment 65 Jason Stillion 2013-09-03 08:30:32 PDT
Columbus State Community College - Online portal (Black Board)
Mixed content tripping.

https://courses.cscc.edu/
Comment 66 Jason Stillion 2013-09-03 08:33:14 PDT
(In reply to Jason Stillion from comment #65)
> Columbus State Community College - Online portal (Black Board)
> Mixed content tripping.
> 
> https://courses.cscc.edu/

There portal is displaying mixed content, not sure if they can make changes to not show mixed contend.
Comment 67 J Gubbins 2013-09-11 10:58:17 PDT
This is causing a big issue at the University of West Georgia and many other schools using Desire2Learn learning management system, Wikispaces, YouTube, and many other sources of web content for online education.

One MAJOR problem is that FFox does NOT always provide the little "mixed content" shield (have screenshots proving it). Therefore, directing FF users to "click on the shield to allow" does not work if there is no shield available.  (I'm not sure if I have posted this in the correct bug report)
Comment 68 Tanvi Vyas - out until 6/27 [:tanvi] 2013-09-11 18:06:35 PDT
(In reply to J Gubbins from comment #67)
> This is causing a big issue at the University of West Georgia and many other
> schools using Desire2Learn learning management system, Wikispaces, YouTube,
> and many other sources of web content for online education.
> 
> One MAJOR problem is that FFox does NOT always provide the little "mixed
> content" shield (have screenshots proving it). Therefore, directing FF users
> to "click on the shield to allow" does not work if there is no shield
> available.  (I'm not sure if I have posted this in the correct bug report)

Hi J,

Thank you for your comment!  When we block mixed active content, the shield should definitely show up in the url bar.  If not, that is a bug and we need to fix it.  Can you provide me with an example url where you are experiencing this behavior?  I can test it out and see what is going on.

If you aren't sure if the issues you are experiencing are due to mixed content or something else, you can also open up the Developer Tools Web Console (https://developer.mozilla.org/en-US/docs/Tools/Web_Console).  The security pane will tell you if any content is blocked by the Mixed Content Blocker:
https://mdn.mozillademos.org/files/5261/blocked-mixed-content-errors.png

Thanks!
Comment 69 DW Steverson 2013-09-12 10:41:43 PDT
(In reply to Tanvi Vyas [:tanvi] from comment #68)
> (In reply to J Gubbins from comment #67)
> > This is causing a big issue at the University of West Georgia and many other
> > schools using Desire2Learn learning management system, Wikispaces, YouTube,
> > and many other sources of web content for online education.
> > 
> > One MAJOR problem is that FFox does NOT always provide the little "mixed
> > content" shield (have screenshots proving it). Therefore, directing FF users
> > to "click on the shield to allow" does not work if there is no shield
> > available.  (I'm not sure if I have posted this in the correct bug report)
> 
> Hi J,
> 
> Thank you for your comment!  When we block mixed active content, the shield
> should definitely show up in the url bar.  If not, that is a bug and we need
> to fix it.  Can you provide me with an example url where you are
> experiencing this behavior?  I can test it out and see what is going on.
> 
> If you aren't sure if the issues you are experiencing are due to mixed
> content or something else, you can also open up the Developer Tools Web
> Console (https://developer.mozilla.org/en-US/docs/Tools/Web_Console).  The
> security pane will tell you if any content is blocked by the Mixed Content
> Blocker:
> https://mdn.mozillademos.org/files/5261/blocked-mixed-content-errors.png
> 
> Thanks!

Hello Tanvi,

I work with J at the University of West Georgia. I took a screenshot of Firefox blocking mixed content without offering an option to show all content on the page (http://www.westga.edu/~wstevers/firefox_blocked_content.jpg). We are seeing this error in our Learning Management System, so we are unable to provide a direct link to test. If there is a private communication method we could use to communicate through, we would be happy to provide test credentials.

Thank you!
Comment 70 Tanvi Vyas - out until 6/27 [:tanvi] 2013-09-12 11:48:03 PDT
Hi DW and J,

Thanks for providing the screenshot. I've emailed you to see if I can get credentials to test with.  One other question - what operating system are you using?  This might be an issue specific to Firefox with Windows 7.
Comment 71 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2013-09-12 13:13:33 PDT
(In reply to DW Steverson from comment #69)
> http://www.westga.edu/~wstevers/firefox_blocked_content.jpg

I see that your screenshot shows we blocked a YouTube video. When possible, you can (and should) fix this issue with YouTube videos on your end by replacing the "http" with "https" in the <iframe src=http://youtube.com/...> part of the page, because youtube.com does support HTTPS for embedded videos.
Comment 72 Richard A Milewski[:richard] 2013-09-13 06:30:32 PDT
Can't use the captive portal at CDG to purchase WiFi with Aurora 25.0a2.  Works fine with Safari.   Fails between showing the terms and the payment page.

https://mercanet.netinary.net/centralportal   

Aêroportes de Paris.  The customer service number for WiFi is 0 805 46 94 34.
Comment 73 Aaron Greenspan 2013-09-25 17:38:29 PDT
My company developed a web-based retail point of sale system (FaceCash Register, which runs on https://www.facecash.com) that uses a local Windows program running a web server to operate an optional second printer and cash drawer. That local web server does not have an SSL certificate, even though everything happening on the FaceCash web site uses SSL and is addressed as https://. Consequently, when our JavaScript call goes out to http://localhost to send data to Windows, it triggers the mixed content blocker and prevents the cash drawer from opening and/or the kitchen printer from printing. This is a problem.

It seems like you can disable mixed content blocking for the site, but it only applies to that browser session. The next time our merchant goes back to the site, it's blocked again.
Comment 74 Henry M. McClean 2013-11-19 23:54:58 PST
This website is broken:
http://www.textyourexbackpdf.info/

I've already tested it using Firefox in safe mode, but it still doesn't show its CSS unless I stop blocking the mixed content.
Comment 75 Henry M. McClean 2013-11-29 12:45:32 PST
Sites were Mixed Active Content only appeared on 1 or 2 browses, but not all 3.

Updated the spreadsheet a bit.

http://vimeo.com/79090838
http://vimeo.com/78989947
Comment 76 Henry M. McClean 2013-12-26 06:19:51 PST
> Upper right of the page, there should be a search box that fails to display.
http://www.thesomanabolicmusclemaximizereview.com/
Comment 77 sjw 2014-01-17 02:38:23 PST
I think this fits better in Tech Evangelism.
Comment 78 sjw 2014-01-17 02:56:30 PST
[Depends on 920536]
Comment 82 musclemaximizerworks 2014-04-21 00:05:55 PDT Comment hidden (spam)
Comment 83 Niisha 2014-06-19 00:45:55 PDT
Subscribe box show larger in laptop

Page Link -  http://www.couponbaba.in/flipkart.com/
Comment 84 Edward 2014-06-26 08:27:24 PDT
As with a previous comment our company has several web functions that utilize call backs to http://localhost for interacting with Java apps. Mixed Content blocking has now become a problem to functionality which has no or limited risk for data exposure.  As localhost does not have security cert, forcing those calls to be HTTPS breaks function.  

Really need either permanent site white list for exception as reloading the page to create temporary exception every time the user logs in is inconvenient.  Or have internal to firefox an exclusion for applying mixed content filtering to any "localhost" URL.....

Again, good idea, but implications not well thought out for general impact.
Comment 85 Niisha 2014-08-04 04:31:09 PDT
Error in my site, Showing twitter account is not connected. Plz Check.

http://www.knottykart.com
Comment 86 sjw 2014-08-04 06:15:16 PDT
(In reply to Niisha from comment #83)
> Subscribe box show larger in laptop
> 
> Page Link -  http://www.couponbaba.in/flipkart.com/

(In reply to Niisha from comment #85)
> Error in my site, Showing twitter account is not connected. Plz Check.
> 
> http://www.knottykart.com

Mixed Content blocker does only affect sites, that provide ssl. Your site seems to support only http, so these issues are not related with mixed contet blocker.
Comment 87 Karl Dubost :karlcow 2015-02-25 22:55:52 PST
What would be the good way to test with JS that one or more resources has mcb

aka 

When accessing https://www.example.com/
there is a resource http://overthere.example.net/ which is downloaded.

In the console it displays has 
Blocked loading mixed active content "http://***"[Learn More]


asking because it would be good to add to our automated tests in 
https://github.com/hallvors/sitecomptester-extension/blob/master/data/sitedata.json

Example:
https://github.com/hallvors/sitecomptester-extension/blob/master/data/sitedata.json#L245
Comment 88 Hallvord R. M. Steen [:hallvors] 2015-02-26 03:13:01 PST
In the slimerjs test runner I do this which sort of works - 

	page.onResourceError = function (res) {
	    if(/http:\/\//.test(res.url)){
			httpResources.push(res.url);
		}
	}
It's kind of good enough, but it might be nice to also pick up the console warnings..
Comment 89 delpiyod 2015-02-26 12:42:25 PST
> Upper right of the page, there should be a search box that fails to display.
http://www.reviewsnq.com/

I've already tested it using Firefox in safe mode, but it still doesn't show its CSS unless I stop blocking the mixed content.
Comment 90 vernetroyer 2015-05-26 08:09:04 PDT
(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #2)
> (In reply to Matt Wobensmith from comment #1)
> > Created attachment 746148 [details]
> > This list was compiled after running m-c through top 1000 domains, with
> > blocking of both active and display content enabled.
> 
> This is great work!
> 
> However, I think it is a little misleading as far as the user impact goes.
> For example, http://imgur.com/ might be a top-1000 site but
> https://imgur.com/ might never be used, even though it happens to kind of
> have "worked" in older versions of Firefox. And, in fact, https://imgur.com/
> is "broken" consistently (AFAICT) between MSIE, Firefox, and Chrome. IMO,
> that consistency indicates that we are doing the right thing (and that
> previously we were doing the wrong thing).
> 
> I think the next step would be to go through the 103 URLs in the list in
> Google Chrome and see which ones render/behave differently between Chrome
> and Firefox. I picked Chrome specifically because our mixed content blocker
> is more strict than Chrome's blocker, so our blocker should break more pages
> than Chrome's blocker does. I picked 10 of the 103 URLs and found Chrome was
> very clearly also broken in 8 of them (https://www.sergey-mavrodi.com and
> https://pogo.com were not obviously broken in Chrome, but neither were they
> clearly broken in Firefox either, despite triggering the blocker icon in
> both).
> 
> Anyway, again, awesome work!

i am totally agree with. imgur is in top 100 sites. 

http://entrydope.tumblr.com/
Comment 91 Sercan 2015-06-04 07:53:52 PDT
There is a problem in our website, but we couldn’t figure out what it is. Can you please help? Our kontakt lens page: https://www.acuvue.com.tr/kontakt-lens Thank you soo much.
Comment 92 John Hesling [:John99] 2015-06-04 09:17:56 PDT
Personally I do not see a Mixed Content Blocked indication when I visit your site with Firefox.
If you see a problem yourself when using Firefox and think there is a problem with Firefox You may like to ask on the Mozilla Support site use: https://support.mozilla.org/questions/new/

If the issue is apparently with the Website design some third party site may be able to assist you. I would suggest trying: http://forums.mozillazine.org/viewforum.php?f=25 {Web Development / Standards Evangelism) 

If you are getting reports of users seeing a shield on the location bar of Firefox it may be the experimental Tracking Blocking feature see https://support.mozilla.org/kb/tracking-protection-firefox
Comment 93 SlimJones123 2015-07-01 11:36:52 PDT
this page of website doesn't load properly http://hashmov.com/watch-filth-2013-online  How to fix it.
Comment 94 SlimJones123 2015-08-19 01:03:27 PDT
http://trailerweb.tumblr.com/
Comment 95 jaquezjulio77 2015-12-16 12:38:21 PST
Comment on attachment 746148 [details]
Domains that trigger mixed content blocker

>68:34.13  Mixed Content Doorhanger appeared: (94)https://imgur.com
>68:34.13  Mixed Content Doorhanger appeared: (94)https://www.imgur.com
>68:34.14  Mixed Content Doorhanger appeared: (103)https://espn.go.com
>68:34.14  Mixed Content Doorhanger appeared: (103)https://www.espn.go.com
>163:21.58  Mixed Content Doorhanger appeared: (117)https://www.nytimes.com
>163:21.58  Mixed Content Doorhanger appeared: (137)https://www.ehow.com
>163:21.58  Mixed Content Doorhanger appeared: (173)https://www.orange.fr
>163:21.59  Mixed Content Doorhanger appeared: (241)https://www.ameba.jp
>163:21.59  Mixed Content Doorhanger appeared: (260)https://www.iqiyi.com
>163:21.59  Mixed Content Doorhanger appeared: (266)https://www.mobile01.com
>163:21.59  Mixed Content Doorhanger appeared: (270)https://www.samsung.com
>163:21.59  Mixed Content Doorhanger appeared: (275)https://www.tagged.com
>163:21.59  Mixed Content Doorhanger appeared: (284)https://www.myspace.com
>163:21.59  Mixed Content Doorhanger appeared: (287)https://www.siteadvisor.com
>163:21.59  Mixed Content Doorhanger appeared: (295)https://isohunt.com
>163:21.59  Mixed Content Doorhanger appeared: (295)https://www.isohunt.com
>163:21.59  Mixed Content Doorhanger appeared: (304)https://www.weebly.com
>163:21.59  Mixed Content Doorhanger appeared: (310)https://www.twoo.com
>163:21.59  Mixed Content Doorhanger appeared: (311)https://imageshack.us
>163:21.60  Mixed Content Doorhanger appeared: (311)https://www.imageshack.us
>163:21.60  Mixed Content Doorhanger appeared: (322)https://www.exoclick.com
>163:21.60  Mixed Content Doorhanger appeared: (331)https://www.intuit.com
>163:21.60  Mixed Content Doorhanger appeared: (350)https://www.seznam.cz
>163:21.60  Mixed Content Doorhanger appeared: (356)https://mashable.com
>163:21.60  Mixed Content Doorhanger appeared: (356)https://www.mashable.com
>163:21.60  Mixed Content Doorhanger appeared: (358)https://beeg.com
>163:21.60  Mixed Content Doorhanger appeared: (358)https://www.beeg.com
>163:21.60  Mixed Content Doorhanger appeared: (366)https://www.match.com
>163:21.60  Mixed Content Doorhanger appeared: (386)https://www.wix.com
>163:21.60  Mixed Content Doorhanger appeared: (394)https://abcnews.go.com
>163:21.60  Mixed Content Doorhanger appeared: (394)https://www.abcnews.go.com
>163:21.60  Mixed Content Doorhanger appeared: (398)https://9gag.com
>163:21.60  Mixed Content Doorhanger appeared: (399)https://www.dell.com
>163:21.60  Mixed Content Doorhanger appeared: (401)https://bleacherreport.com
>168:53.71  Mixed Content Doorhanger appeared: (406)https://www.buzzfeed.com
>168:53.71  Mixed Content Doorhanger appeared: (412)https://www.ning.com
>168:53.71  Mixed Content Doorhanger appeared: (416)https://acesse.com
>168:53.71  Mixed Content Doorhanger appeared: (416)https://www.acesse.com
>168:53.71  Mixed Content Doorhanger appeared: (428)https://www.terra.com.br
>168:53.71  Mixed Content Doorhanger appeared: (463)https://www.mobile.de
>168:53.71  Mixed Content Doorhanger appeared: (483)https://www.123rf.com
>168:53.71  Mixed Content Doorhanger appeared: (484)https://inbox.com
>168:53.71  Mixed Content Doorhanger appeared: (484)https://www.inbox.com
>168:53.71  Mixed Content Doorhanger appeared: (490)https://youm7.com
>168:53.71  Mixed Content Doorhanger appeared: (490)https://www.youm7.com
>168:53.71  Mixed Content Doorhanger appeared: (512)https://www.sahibinden.com
>168:53.71  Mixed Content Doorhanger appeared: (521)https://www.tmz.com
>168:53.71  Mixed Content Doorhanger appeared: (540)https://www.verizonwireless.com
>168:53.71  Mixed Content Doorhanger appeared: (552)https://www.blackhatworld.com
>168:53.71  Mixed Content Doorhanger appeared: (561)https://www.infusionsoft.com
>168:53.71  Mixed Content Doorhanger appeared: (568)https://www.888.com
>168:53.71  Mixed Content Doorhanger appeared: (572)https://avazutracking.net
>168:53.71  Mixed Content Doorhanger appeared: (572)https://www.avazutracking.net
>168:53.71  Mixed Content Doorhanger appeared: (576)https://www.pixnet.net
>168:53.71  Mixed Content Doorhanger appeared: (577)https://xda-developers.com
>168:53.71  Mixed Content Doorhanger appeared: (577)https://www.xda-developers.com
>168:53.71  Mixed Content Doorhanger appeared: (582)https://www.sergey-mavrodi.com
>168:53.71  Mixed Content Doorhanger appeared: (588)https://www.mynet.com
>168:53.71  Mixed Content Doorhanger appeared: (591)https://pogo.com
>168:53.71  Mixed Content Doorhanger appeared: (591)https://www.pogo.com
>168:53.72  Mixed Content Doorhanger appeared: (596)https://mgid.com
>168:53.72  Mixed Content Doorhanger appeared: (596)https://www.mgid.com
>168:53.72  Mixed Content Doorhanger appeared: (603)https://www.mapquest.com
>168:53.72  Mixed Content Doorhanger appeared: (605)https://swagbucks.com
>168:53.72  Mixed Content Doorhanger appeared: (605)https://www.swagbucks.com
>168:53.73  Mixed Content Doorhanger appeared: (621)https://www.retailmenot.com
>168:53.73  Mixed Content Doorhanger appeared: (641)https://www.cmbchina.com
>168:53.73  Mixed Content Doorhanger appeared: (646)https://issuu.com
>168:53.73  Mixed Content Doorhanger appeared: (646)https://www.issuu.com
>168:53.73  Mixed Content Doorhanger appeared: (663)https://twitpic.com
>168:53.73  Mixed Content Doorhanger appeared: (663)https://www.twitpic.com
>168:53.73  Mixed Content Doorhanger appeared: (668)https://tinyurl.com
>168:53.73  Mixed Content Doorhanger appeared: (681)https://www.careerbuilder.com
>168:53.73  Mixed Content Doorhanger appeared: (682)https://squarebux.com
>168:53.73  Mixed Content Doorhanger appeared: (687)https://www.zendesk.com
>275:12.85  Mixed Content Doorhanger appeared: (723)https://www.force.com
>275:12.85  Mixed Content Doorhanger appeared: (735)https://www.ensonhaber.com
>275:12.85  Mixed Content Doorhanger appeared: (742)https://www.xtube.com
>275:12.85  Mixed Content Doorhanger appeared: (747)https://drupal.org
>275:12.85  Mixed Content Doorhanger appeared: (748)https://www.cocolog-nifty.com
>275:12.85  Mixed Content Doorhanger appeared: (750)https://haberturk.com 
>275:12.85  Mixed Content Doorhanger appeared: (750)https://www.haberturk.com
>275:12.85  Mixed Content Doorhanger appeared: (761)https://www.norton.com
>275:12.85  Mixed Content Doorhanger appeared: (776)https://slickdeals.net
>275:12.85  Mixed Content Doorhanger appeared: (801)https://rottentomatoes.com
>275:12.85  Mixed Content Doorhanger appeared: (801)https://www.rottentomatoes.com
>275:12.85  Mixed Content Doorhanger appeared: (806)https://www.cheezburger.com
>275:12.85  Mixed Content Doorhanger appeared: (820)https://www.ea.com
>275:12.85  Mixed Content Doorhanger appeared: (836)https://www.kohls.com
>275:12.85  Mixed Content Doorhanger appeared: (855)https://www.nhk.or.jp
>275:12.85  Mixed Content Doorhanger appeared: (861)https://www.hi5.com
>275:12.85  Mixed Content Doorhanger appeared: (866)https://manta.com
>275:12.85  Mixed Content Doorhanger appeared: (866)https://www.manta.com
>275:12.85  Mixed Content Doorhanger appeared: (877)https://www.legacy.com
>275:12.85  Mixed Content Doorhanger appeared: (882)https://www.woot.com
>275:12.85  Mixed Content Doorhanger appeared: (912)https://www.piriform.com
>275:12.86  Mixed Content Doorhanger appeared: (924)https://boston.com
>275:12.86  Mixed Content Doorhanger appeared: (924)https://www.boston.com
>275:12.86  Mixed Content Doorhanger appeared: (932)https://www.avira.com
>275:12.86  Mixed Content Doorhanger appeared: (948)https://www.rr.com
>275:12.86  Mixed Content Doorhanger appeared: (954)https://www.roulettebotplus.com
>275:12.86  Mixed Content Doorhanger appeared: (998)https://jeuxvideo.com
>275:12.86  Mixed Content Doorhanger appeared: (998)https://www.jeuxvideo.com
Comment 96 eVanik 2016-01-10 23:06:26 PST
Taking too much time on loading homepage on firefox mozilla

Site Link - http://www.evanik.com
Comment 97 DrBaconPants 2016-01-25 03:27:29 PST
https://10starmovie.me/ is not opening in mozilla or taking time to load.

Note You need to log in before you can comment on or make changes to this bug.