Batu69 Posted October 23, 2015 Share Posted October 23, 2015 The "feature" will be added to Firefox 44 Warning shown on login forms hosted on HTTP Richard Barnes, Mozilla head of Security Engineering, has announced on Twitter that Firefox will start marking any Web page that hosts login forms on HTTP connections as "insecure" and display an appropriate icon to warn users of the danger.This is a significant step towards making the Web a safer place, because even if the login form submits data to an HTTPS connection, attackers could still use JavaScript code loaded on the page to steal the user's password before it is sent to the more secure HTTP connection.Technically, as explained by Mr. Barnes, any HTML "input" tag set to work as a password field will automatically trigger this warning if the page's URL is HTTP. This means that it will also show up on sign up (registration) forms.The icon and popup displayed for this warning are the same as for the errors you see for insecure HTTPS certificates, but this was done on purpose since most Firefox users are trained to catch this type of error out of the corner of their eye and investigate the issue further.The feature is primed for launch in Firefox 44 but is already part of the Firefox Nightly edition. Firefox 44 will also add better SSL error notifications.PSA: In Firefox 44 Nightly, "http:" pages with are now marked insecure. pic.twitter.com/qS9LxuRPdm — Richard Barnes (@rlbarnes) October 20, 2015Source Link to comment Share on other sites More sharing options...
thunderpants Posted October 23, 2015 Share Posted October 23, 2015 Sounds like good news but i feel there is a long way to go yet . Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.