Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Partially encrypted connection in secure site (Yahoo, after signing in)

  • 8 replies
  • 8 have this problem
  • 1 view
  • Last reply by Boudica

more options

After signing in to "secure" (padlock) Yahoo, when I click on "mail", the icon changes from the padlock to a greyed out triangle with "!" in the middle. It states "The connection to this website is not fully secure because it contains unencrypted elements such as images.

Technical Details: Connection partially encrypted. Parts of page you are viewing were not encrypted before being transmitted over the internet. Information sent over the internet without encryption can be seen by others while in transit.

Address bar shows: https://us-mg4.mail.yahoo.com (etc.)

The "General" tab shows: text/html Type

address: https

Content - Type text/html; charset+UTF-8

The only 2 cookies I have blocked for Yahoo are:

    analytics.yahoo.com 
    ads.yahoo.com

This began occurring about 2 weeks ago, and I am at a loss to explain why this is happening after no problems with Yahoo e-mail for quite a while, however I see changes to the program so am aware that changes have been made.

Any and all suggestions will be most sincerely appreciated.

After signing in to "secure" (padlock) Yahoo, when I click on "mail", the icon changes from the padlock to a greyed out triangle with "!" in the middle. It states "The connection to this website is not fully secure because it contains unencrypted elements such as images. Technical Details: Connection partially encrypted. Parts of page you are viewing were not encrypted before being transmitted over the internet. Information sent over the internet without encryption can be seen by others while in transit. Address bar shows: https://us-mg4.mail.yahoo.com (etc.) The "General" tab shows: text/html Type address: https Content - Type text/html; charset+UTF-8 The only 2 cookies I have blocked for Yahoo are: analytics.yahoo.com ads.yahoo.com This began occurring about 2 weeks ago, and I am at a loss to explain why this is happening after no problems with Yahoo e-mail for quite a while, however I see changes to the program so am aware that changes have been made. Any and all suggestions will be most sincerely appreciated.

Chosen solution

You can leave the two security.mixed_content.block* prefs at there default value.
I mentioned them to see that you can modify this behavior and can block passive (display) content, but that might cause issues on other web pages with missing images.

Read this answer in context 👍 0

All Replies (8)

more options

You can check he Web Console (Firefox/Tools > Web Developer) to see what mixed content is present on the page (search: mixed).
Those lines about mixed content likely appear a red text.

more options

Cor-el: Thank you for all of the information, however when all of this information comes up what is the next step to correct this problem? There are several lines with RED on them, and many other statements about some of the other listings. I do not know how to proceed to correct this problem. I followed your instructions as posted above, however now that the information was brought up, how do I delete the "bad" messages?

When I clicked on the link in your message there was a large amount of information, however I do not understand it, and what I can do to remove the "insecure" or "dangerous" messages which are appearing.

Please provide additional information? Thank you so much for your help!

Modified by Boudica

more options

You can't do anything about it as it is the Yahoo website that is responsible for sending data via an open connection.
You can only see in the Web Console what data is involved.

Is this about third-party content from other websites?

If there is mixed passive content (e.g. images) then Firefox shows an exclamation mark instead of "Site Identity Button" (globe/padlock) on the location bar.

In Firefox mixed content is controlled via these two prefs that you can inspect and modify on the about:config page.

  • security.mixed_content.block_active_content
  • security.mixed_content.block_display_content

See also:

more options

I had a message all ready to post, and after I stopped the e-mail update function it disappeared. Due to the problem with the e-mail I felt it would be best to stop the e-mail updates.

I am not receiving any e-mails from 3rd parties which I am aware of. The senders are all in my contacts.

Since I am such a novice, please forgive my numerous questions?

These 2 "prefs":

   security.mixed_content.block_active_content
   security.mixed_content.block_display_content 

What does each one indicate and how do I know which one to utilize in trying to correct the problem? Because of the mixed passive content (e.g. images) indication which would be the appropriate "security.mixed_ content to utilize? The exclamation point in the triangle is the indication which reflects the problem, however it only references the "unencrypted elements, such as images".

Once again, thank you, thank you, thank you, Cor-el, for your invaluable assistance.

more options

I think I have the e-mail updates stopped, so I will need to return in the morning to this site to read what is posted. Since I have had so many problems with the e-mail, I feel that security is a very serious issue.

Once again, thank you for all of your help, Cor-el

Modified by Boudica

more options

Cor-el:

I put in the about:config page, and there is a huge warning about "changing these advanced settings can be harmful, etc.". Is this safe? In the past I think I had accessed this menu, and not seen this warning.

I will not have much time today to try to work with this, however any further information would be most appreciated. Can I not make any changes after the "mixed content" lines appear without going to the about:config page?

Thank you once again for your patience and help. I am beginning to suspect that my entire computer may have been hacked into.

more options

Chosen Solution

You can leave the two security.mixed_content.block* prefs at there default value.
I mentioned them to see that you can modify this behavior and can block passive (display) content, but that might cause issues on other web pages with missing images.

more options

Cor-el, I do apologize for being unable to respond to your last post sooner. I had the computer checked out thoroughly, and it was clean. At the time it was being checked out, it was noted that others had exactly the same problem, using different computers and their own contacts. So it appears that this is something that has changed in Yahoo, and the e-mail menu does not have a secure fully encrypted option.

The information you posted, however is valuable, and I am keeping this bookmark for future reference if needed.

I am marking this "solved" because the information you have provided is significant as it relates to the question.

I admire your command of the knowledge which you possess, and appreciate you taking the time to be of assistance with so many questions!

THANK YOU ONCE AGAIN FOR YOUR INVALUABLE HELP (now and in the past).

Best regards!

Modified by Boudica