Firefox Adds Warnings About Insecure Login Forms Hosted on HTTP Pages


The "feature" will be added to Firefox 44


Warning shown on login forms hosted on HTTP

Richard Barnes, Mozilla head of Security Engineering, has announced on Twitter that Firefox will start marking any Web page that hosts login forms on HTTP connections as "insecure" and display an appropriate icon to warn users of the danger.

This is a significant step towards making the Web a safer place, because even if the login form submits data to an HTTPS connection, attackers could still use JavaScript code loaded on the page to steal the user's password before it is sent to the more secure HTTPS connection.

Technically, as explained by Mr. Barnes, any HTML "input" tag set to work as a password field will automatically trigger this warning if the page's URL is HTTP. This means that it will also show up on sign up (registration) forms.

The icon and popup displayed for this warning are the same as for the errors you see for insecure HTTPS certificates, but this was done on purpose since most Firefox users are trained to catch this type of error out of the corner of their eye and investigate the issue further.

The feature is primed for launch in Firefox 44 but is already part of the Firefox Nightly edition. Firefox 44 will also add better SSL error notifications.

PSA: In Firefox 44 Nightly, "http:" pages with are now marked insecure. pic.twitter.com/qS9LxuRPdm — Richard Barnes (@rlbarnes) October 20, 2015
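
An added example, not part of the original post and not Mozilla's code: an offline check a site owner could run over their own pages, applying the rule described above (a password input on an `http:` page is flagged even when its form posts to HTTPS). The class and function names, the sample HTML and the `example.test` URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page: a login form posting to HTTPS and a sign-up form.
SAMPLE_HTML = """
<form action="https://example.test/login" method="post">
  <input type="text" name="user">
  <input type="PASSWORD" name="pass">
</form>
<form action="/register">
  <input type="password" name="new_pass"/>
</form>
"""

class PasswordFieldFinder(HTMLParser):
    """Collect (field name, enclosing form action) for every password input."""
    def __init__(self):
        super().__init__()
        self.action = ""   # action of the form currently open; "" means the page itself
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").strip().lower() == "password":
            self.fields.append((a.get("name") or "", self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = ""

def audit_page(page_url, html):
    """Return one finding per password field when the page URL itself is http:."""
    if urlsplit(page_url).scheme.lower() != "http":
        return []
    finder = PasswordFieldFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for name, action in finder.fields:
        target = urljoin(page_url, action)  # resolve relative form actions
        findings.append({"field": name, "submits_to": target,
                         "https_action": urlsplit(target).scheme.lower() == "https"})
    return findings

if __name__ == "__main__":
    for f in audit_page("http://example.test/", SAMPLE_HTML):
        print(f)
```

The `https_action` value is informational only: a field is reported whenever the page is served over `http:`, and the fix is to serve the page containing the form over HTTPS, not just the submission endpoint.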

