Review by akfek
Rated 4 out of 5
by akfek, 8 years ago4 reviews
- Rated 5 out of 5by geeknik, a year ago
- Rated 5 out of 5by Firefox user 13577855, 8 years ago
- Rated 5 out of 5by Firefox user 12357313, 9 years agoLatent Mixed Content? If the definition is conceptual to what it applies is a fact.
The link provided by the developer to learn more about latent mixed-content vulnerabilities is worth reading.
We know that Firefox blocks by default Active Mixed Content, lets loose by default Display Mixed Content, but what about secure pages which include links to non-secure pages? The issue can be far more damageable for the user than a Display Mixed Content. That's the point which is excellently described in the above mentioned page.
moarTLS, when its toolbar button clicked, will display in a pop-up all the non-secure links included in a secure (https) page. Is this too much precautions? I was just wondering why some secure pages offer a link to register which leads to a non-secure page : absurd? Certainly. Am I aware of it? Maybe not. With moarTLS I can be aware of it with a simple click... a click on moarTLS' toolbar button before (if ever) the click on the link to the non-secure page!
You have to be logic, especially with security. If you're involved you have to be totally. It's always the gap between what we believe is enough security and more (moar!) security which makes the day of an intruder.