more websites are turning red and the lock is x'd out saying 'this website doesn't supply identity information.'
Recently redownloaded FF 24. Backed down from 26 for many annoying reasons, but that's another post. Lately websites I know to be secure are turning red in the address bar that never have before. :-( In addition, most of the other websites I use, including my ISP's online email, show a gray ball & when highlighted, gives the same same message as the x'd out yellow lock, "This website does not supply identity information."
Some of these websites are well known and widely used by millions of people. And they have always been pretty secure. Something's just not right. Even weirder is that going from page to page on the same website shows different results (yellow lock, red address bar or gray ball).
I've reset, started in safe mode, uninstalled & reinstalled FF, cleared cookies & cache to no avail. I am getting tired of having to do that. The only recent add-on is do not track me. This is happening on this computer (win 7) and my old reliable xp laptop. This has been going on for months now through several versions of FF. It started w/my online email. I found the culprits there, but now highly popular sites I've been using for years are not providing identity information which means, according to FF and comodo, aren't secure. I find that hard to believe.
So I moved on to the troubleshooting info and clicked install. Guess what I got? 'Firefox prevented this site (support.mozilla.org) from asking you to install software on your computer.' REALLY? Firefox is preventing mozilla ?????? Sheesh
So I did it manually.
Anyhoo, FF is really getting to the point that it's not worth the trouble to use it.
And one more thing, trying to search this issue brings up mostly irrelevant links. That's why I started this new question.
Всички отговори (14)
If content is missing or otherwise not working then check if there is a shield icon on the left end of the location bar before the "Site Identity Button" (globe/padlock) on the location bar indicating that mixed content is blocked.
- https://support.mozilla.org/kb/how-does-content-isnt-secure-affect-my-safety
- https://developer.mozilla.org/Security/MixedContent
You may also see an exclamation mark showing that there is mixed display content that Firefox is allowing.
I assume that the red location bar is part of the Old Location Bar extension as Firefox by default only shows icons on the location bar.
Променено на
Hi corel. Of all the sites I went on today, only one had a shield and the address bar wasn't red and didn't have the globe & the lock was gray. The rest had either only the lock or the gray globe. Same w/the tabs I currently have open. I haven't noticed an exclamation mark anywhere.
It would be nice if FF/comodo gave details as to what it was blocking and/or what the mixed content was so we could make an informed decision as to whether to proceed to use that site. It bothers me that every site I have email accounts on and/or do other forms of business with appear to be unsecured in one way or another. SIGH...
I can't say for sure about the old location bar.
I read the info in the links you provided. So far, none of the answers my concern that these websites are used by millions of people and all of a sudden there's no info re their identity and they are no longer safe (signed in or not) even tho they all seem to be using stuff like norton secured, verisign, etc. Or maybe I'm still not understanding the mixed contact. It's late, I'll reread in the morning.
Thanks for your help!
Do you still get the red location bar in Firefox Safe Mode?
If it works in Safe Mode and in normal mode with all extensions (Firefox/Tools > Add-ons > Extensions) disabled then try to find which extension is causing it by enabling one extension at a time until the problem reappears.
Close and restart Firefox after each change via "Firefox > Exit" (Windows: Firefox/File > Exit; Mac: Firefox > Quit Firefox; Linux: Firefox/File > Quit)
It is up to website servers to make sure that all content on a secure https connection comes via a secure connection, especially third party content like advertisements.
The gray exclamation triangle is a little confusing because there are two different types of information mixed together in that icon:
(1) Not supplying identity information: this indicates that there is a valid security certificate, but it is an ordinary certificate and not an EVSSL (green lock) certificate. Same as a gray padlock, as far as the main page goes. So that part of the message is not worrisome unless the site used to show a green padlock before.
(2) Gray exclamation-triangle: this indicates that that the page contains "mixed" content. More specifically, although the page was retrieved through an encrypted connection (HTTPS) with a valid certificate, something in the page was retrieved over an open connection.
To discover the non-secure content, you can look in Firefox's Browser Console:
- Windows: Ctrl+Shift+j
- Mac: Command+Shift+j
- Menu Bar: Tools > Web Developer > Browser Console
- (Win) orange Firefox button > Web Developer > Browser Console
Once you have that open, you likely will see lots of stuff. To filter the list, type mix into the search/filter box at the upper right.
At this point, you can decide whether you are concerned about the non-secure content. For example, perhaps it's something from the same site that they mistakenly forgot to serve with an HTTPS URL. (Screen shot example attached.) But, you may discover that it's from a different site and then you can start to assess whether there might be something suspicious going on with the page. Maybe it's user-posted content that's hosted on a popular image hosting site. Or you may notice a pattern suggesting that one of your extensions is injecting advertising into the pages... or worse.
Note: You can keep the Browser Console window open (minimized) with the filter set to mix for quicker reference if you're seeing this often.
Corel & jscher,
Thank you for your responses.
Here's what I have done so far: (any comments, suggestions are welcome!)
I restarted FF in safe mode and the red address bar is gone. However, I opened 18 different tabs and the ONLY site that has a green lock is mozilla! The rest have the gray globe &/or shield that says FF is blocking something! :-((
I called one of the companies w/whom I do business and asked about the status of their identity info. I was assured it was up to date, yet it doesn't seem to be reflected in FF.
Some of the websites I have open right now that are experiencing this are amazon, ebay, wordpress, apple, one very large ISP, one very large box store, one of the biggest shopping channels and one email site & home page from a smaller ISP. I am signed in to both of the last two and there are inconsistencies. WHen singed into the ISP online email, I get a gray lock (back in regular FF mode) which says its verified by COMODO. When in specific emails I get a not verified & partially encrypted message, yet in other emails, I get a gray lock. When on the same ISP as the email's home page signed in, I get the gray globe.
I have yet to see a triangle, jscher regardless of which FF mode I'm in.
I tried the ctrl shift j on the site I called and couldn't make heads or tales of what it was telling me. ( One odd thing I did notice was that it was referencing two websites from others tab I had open at the same time. These websites have, to the best of my knowledge, nothing to do w/each other. There's stuff in the box about joining mozilla; parsing errors that make no sense to me (sorry, I'm a DOS baby and not all that techie ;p); unknown property w/various references followed by declaration dropped; and more. Here's some examples:
1. [18:08:18.402] Unknown property '-moz-border-radius-topright'. Declaration dropped. @ https://addons.cdn.mozilla.net/media/css/zamboni/impala-min.css?build=a4a197a:1
2.[18:08:18.403] Error in parsing value for 'line-height'. Declaration dropped. @ https://addons.cdn.mozilla.net/media/css/zamboni/impala-min.css?build=a4a197a:1
3. [18:07:45.008] " _.-~-.
7 Q..\ _7 (_ _7 _/ _q. / _7 . ___ /VVvv-'_ . 7/ / /~- \_\\ '-._ .-' / // ./ ( /-~-/||'=.__ '::. '-~ { ___ / // ./{ V V-~-~| || ___ ':::. ~-~.___.- _/ // / {_ / { / VV/-~-~-|/ \ .'__'. '. ':: _ _ _ . / /~~~~||VVV/ / \ ) \ _ __ ___ ___ ___(_) | | __ _ .::' / (~-~-~\\.-' / \' \::::. | '_ ` _ \ / _ \_ / | | |/ _` | :::'
/..\ /..\__/ ' '::: | | | | | | (_) / /| | | | (_| | ::' vVVv vVVv ': |_| |_| |_|\___/___|_|_|_|\__,_|
Hi there, nice to meet you!
Interested in having a direct impact on hundreds of millions of users? Join Mozilla, and become part of a global community that’s helping to build a brighter future for the Web.
Visit https://careers.mozilla.org to learn about our current job openings. Visit https://www.mozilla.org/contribute for more ways to get involved and help support Mozilla."
Correction first paragraph
I restarted FF in safe mode and the red address bar is gone. However, I opened 18 different tabs and the ONLY site that has a green lock is mozilla! The rest have the gray lock, the gray globe or the gray globe and shield that says FF is blocking something!
Hi CallyCat, most companies do not pay extra for EVSSL certificates that generate a green lock. The gray lock is fairly standard for secure (HTTPS) sites. You should see similar indications in other browsers if you think Firefox might be treating the site differently.
The gray globe indicates an HTTP page sent over an open connection. Depending on the site, that may be perfectly fine. As long as you are not sending or receiving sensitive information, the fact that the requests and responses could be read by others probably isn't a concern.
You can contrast:
- gray globe: http://jeffersonscher.com/res/jstest.php
- gray lock: https://jeffersonscher.com/res/jstest.php
The Browser Console collects information from all tabs, so yes, it can be a little overwhelming. Did you open it with the intention of seeing mixed content messages? To filter the list to what you want, go ahead and type mix in the box at the upper right of the console. This should cut through the clutter.
You said: I called one of the companies w/whom I do business and asked about the status of their identity info. I was assured it was up to date, yet it doesn't seem to be reflected in FF.
What is the address of the site? If you click a gray lock and then click the More Information button, you will see that "Owner" always says "This website does not supply ownership information."
That's not to say a gray lock isn't a good thing: it indicates that between your Firefox and their server, what you send and receive is encrypted and should be gibberish to anyone trying to intercept your communication. But the certificate does NOT prove that the site owner is anyone in particular.
The reason is that a regular SSL certificate is issued based merely on control of a domain name, without having to prove the identity of the person applying for the certificate. Only an EVSSL certificate (green lock) can provide you any assurance as to the owner of the site.
Променено на
Hey jscher, thank you so much for the clarification.
To answer your question, "Did you open it with the intention of seeing mixed content messages?", I opened it mostly out of curiosity, just to see what it was.
So it sounds like having verified owner info isn't necessary to be on a safe site & that a gray lock means I can be fairly safe when conducting business, etc. But, when it comes to the gray globe or an 'x' through the lock, what can I do about protecting my info, whether its on an online email site or a site where I'm making a purchase?
Thanks again!
Hi CallyCat, if you have a gray globe on an email site, you may need to go into your account settings and turn on secure connections (HTTPS) so the site will default to that.
The "X" through the lock seems to be a feature of an add-on, and I'm not sure exactly what it means in relation to the standard icons described in earlier posts.
Thank you jscher. Is the ability to turn on the secure connection somewhere in my FF options, or is it through my ISP?
To date I have spoken with three 'reps' from my ISP, two in Costa Rica & one in CO. The two Costa Ricans said they don't use encryption. :o/ One of them seemed to know even less about encryption than I do and sadly, that isn't much, lol. Today I got a call from a rep/tech in CO regarding yet another webmail issue. He told me that they encrypt 'in the background' so FF wouldn't necessarily know that it was encrypted. Sadly this particular ISP always blames everyone else for whatever is wrong w/their email, website, etc.
If there is a way I can turn on the encryption via FF, I would appreciate instructions.
Thanks again to everyone for all of your help!
Hi CallyCat, I'm familiar with settings in popular webmail sites such as Hotmail (now Outlook.com), Yahoo, and Gmail, but might not be able to assist with your mail site. If you post the address of their help pages, perhaps someone can assist in finding the setting.
These are the the help site & forums:
http://customer.comcast.com/help-and-support/internet/
I would really appreciate any advice as I have googled & duckduckgo'd and searched the comcast forums to no avail other than to find a couple of threads sharing concern for lack of encryption. I might not just be using the right words or not holding my mouth right, lol. I sure can't get any help from comcast. Then tend to blame everyone but themselves so are basically no help at all.
Unfortunately, it appears that Comcast does not offer a secure connection to its webmail service, based on forum postings:
Search - email https - Comcast Help and Support Forums
So you wouldn't want to use their webmail for anything sensitive, like passwords or other account credentials.
I know that you can connect your mobile device client software and your desktop email software to Comcast's mail server securely, so those probably are the better solutions from a privacy and security perspective. I would especially avoid using their webmail over an open wi-fi connection where there is a high risk of snooping (people are just so darned curious).