4 条评价
- 评分 5 / 5来自 geeknik,6 个月前
- 评分 5 / 5来自 Firefox 用户 13577855,7 年前
- 评分 4 / 5来自 akfek,7 年前
- 评分 5 / 5来自 Firefox 用户 12357313,8 年前Latent Mixed Content? If the definition is conceptual to what it applies is a fact.
The link provided by the developer to learn more about latent mixed-content vulnerabilities is worth reading.
We know that Firefox blocks by default Active Mixed Content, lets loose by default Display Mixed Content, but what about secure pages which include links to non-secure pages? The issue can be far more damageable for the user than a Display Mixed Content. That's the point which is excellently described in the above mentioned page.
moarTLS, when its toolbar button clicked, will display in a pop-up all the non-secure links included in a secure (https) page. Is this too much precautions? I was just wondering why some secure pages offer a link to register which leads to a non-secure page : absurd? Certainly. Am I aware of it? Maybe not. With moarTLS I can be aware of it with a simple click... a click on moarTLS' toolbar button before (if ever) the click on the link to the non-secure page!
You have to be logic, especially with security. If you're involved you have to be totally. It's always the gap between what we believe is enough security and more (moar!) security which makes the day of an intruder.