Partially encrypted connection in secure site (Yahoo, after signing in)
After signing in to "secure" (padlock) Yahoo, when I click on "mail", the icon changes from the padlock to a greyed out triangle with "!" in the middle. It states "The connection to this website is not fully secure because it contains unencrypted elements such as images.
Technical Details: Connection partially encrypted. Parts of page you are viewing were not encrypted before being transmitted over the internet. Information sent over the internet without encryption can be seen by others while in transit.
Address bar shows: https://us-mg4.mail.yahoo.com (etc.)
The "General" tab shows: text/html Type
address: https
Content - Type text/html; charset+UTF-8
The only 2 cookies I have blocked for Yahoo are:
analytics.yahoo.com
ads.yahoo.com
This began occurring about 2 weeks ago, and I am at a loss to explain why this is happening after no problems with Yahoo e-mail for quite a while, however I see changes to the program so am aware that changes have been made.
Any and all suggestions will be most sincerely appreciated.
Chosen solution
You can leave the two security.mixed_content.block* prefs at there default value.
I mentioned them to see that you can modify this behavior and can block passive (display) content, but that might cause issues on other web pages with missing images.
All Replies (8)
You can check he Web Console (Firefox/Tools > Web Developer) to see what mixed content is present on the page (search: mixed).
Those lines about mixed content likely appear a red text.
Cor-el: Thank you for all of the information, however when all of this information comes up what is the next step to correct this problem? There are several lines with RED on them, and many other statements about some of the other listings. I do not know how to proceed to correct this problem. I followed your instructions as posted above, however now that the information was brought up, how do I delete the "bad" messages?
When I clicked on the link in your message there was a large amount of information, however I do not understand it, and what I can do to remove the "insecure" or "dangerous" messages which are appearing.
Please provide additional information? Thank you so much for your help!
Modified
You can't do anything about it as it is the Yahoo website that is responsible for sending data via an open connection.
You can only see in the Web Console what data is involved.
Is this about third-party content from other websites?
If there is mixed passive content (e.g. images) then Firefox shows an exclamation mark instead of "Site Identity Button" (globe/padlock) on the location bar.
In Firefox mixed content is controlled via these two prefs that you can inspect and modify on the about:config page.
- security.mixed_content.block_active_content
- security.mixed_content.block_display_content
See also:
I had a message all ready to post, and after I stopped the e-mail update function it disappeared. Due to the problem with the e-mail I felt it would be best to stop the e-mail updates.
I am not receiving any e-mails from 3rd parties which I am aware of. The senders are all in my contacts.
Since I am such a novice, please forgive my numerous questions?
These 2 "prefs":
security.mixed_content.block_active_content security.mixed_content.block_display_content
What does each one indicate and how do I know which one to utilize in trying to correct the problem? Because of the mixed passive content (e.g. images) indication which would be the appropriate "security.mixed_ content to utilize? The exclamation point in the triangle is the indication which reflects the problem, however it only references the "unencrypted elements, such as images".
Once again, thank you, thank you, thank you, Cor-el, for your invaluable assistance.
I think I have the e-mail updates stopped, so I will need to return in the morning to this site to read what is posted. Since I have had so many problems with the e-mail, I feel that security is a very serious issue.
Once again, thank you for all of your help, Cor-el
Modified
Cor-el:
I put in the about:config page, and there is a huge warning about "changing these advanced settings can be harmful, etc.". Is this safe? In the past I think I had accessed this menu, and not seen this warning.
I will not have much time today to try to work with this, however any further information would be most appreciated. Can I not make any changes after the "mixed content" lines appear without going to the about:config page?
Thank you once again for your patience and help. I am beginning to suspect that my entire computer may have been hacked into.
Chosen Solution
You can leave the two security.mixed_content.block* prefs at there default value.
I mentioned them to see that you can modify this behavior and can block passive (display) content, but that might cause issues on other web pages with missing images.
Cor-el, I do apologize for being unable to respond to your last post sooner. I had the computer checked out thoroughly, and it was clean. At the time it was being checked out, it was noted that others had exactly the same problem, using different computers and their own contacts. So it appears that this is something that has changed in Yahoo, and the e-mail menu does not have a secure fully encrypted option.
The information you posted, however is valuable, and I am keeping this bookmark for future reference if needed.
I am marking this "solved" because the information you have provided is significant as it relates to the question.
I admire your command of the knowledge which you possess, and appreciate you taking the time to be of assistance with so many questions!
THANK YOU ONCE AGAIN FOR YOUR INVALUABLE HELP (now and in the past).
Best regards!
Modified