Understanding Firefox Updated Security Indicators

Firefox 42 is here with updated security indicators designed to improve the security and privacy experience for users. Mozilla released version 42 on November 3, 2015, and streamlined how to inform users about a site’s security by updating icons and adding color. In short, the changes affected how Firefox displays Domain Validated (DV) Certificates, active mixed content, and passive mixed content in the URL address bar.

DV Address Bar vs. EV Address Bar

In previous versions of Firefox, DV Certificates were given a gray padlock icon in the address bar. Firefox 42 gives DV-secured sites green lock icons. This green icon is the same given to sites secured with an Extended Validation (EV) Certificate, and helps users understand that DV and EV sites are secure.

Nothing changed for sites secured with EV Certificates. The green lock icon in addition to the organization’s name appears in green text next to the lock remains unchanged. However, users should remember sites using EV Certificates go through a more in-depth verification process performed by a Certificate Authority (CA). This process ensures only verified organizations are given EV Certificates. Businesses benefit in many ways using these certificates.

Active Mixed Content

Active mixed content compromises security and privacy, so in Firefox 42 Mozilla switched the previously used gray shield icon for a green lock icon with a gray warning triangle. This informs users that the site contains active mixed content that is being blocked, but the site is secure to enter.

In previous versions, Firefox warned users of active mixed content with a gray shield icon in front of the domain name in the address bar. The shield indicated that the mixed content was blocked, which Firefox does by default.

As in previous versions, users can disable the blocking feature by doing the following:

  1. Click on the green lock icon.
  2. A pop-up box will appear below the green lock icon. Click on > on the right side of the pop-up window.
  3. Another pop-up box will appear. At the bottom click on “Disable protection for now.”

Once a user disables the content-blocking protection, the green lock icon will change to a gray lock icon with a red slash. The color change from green to gray indicates the site is no longer secure because the user disabled the protection.

Passive Mixed Content

In Firefox 42, sites with passive mixed content are marked as unsecure by displaying a gray lock icon with a yellow triangle warning on top.

Unlike active mixed content, Mozilla does not block passive mixed content by default. In earlier versions, Mozilla used a gray triangle to warn users that a site was not entirely secure.

Mozilla also uses this same gray lock icon and yellow triangle for sites using deprecated cryptography.

 

It’s important to note these changes are designed to make the experience better for an average user. Address bar changes for site security were one specific initiative for the Mozilla team in this release. More specific information can be found here.

Posted in Browser, Security
  • My1

    there’s just one problem, on FF mobile there’s now since the lock is always green no way to distinguish EV from DV is you dont tap the lock since the name is not shown because of space contraints, which kinda kills the purpose EV for that.