Firefox 23 Mixed Content Blocking

Bulletin/Advisory Information: Mozilla introduced Mixed Content Blocking in the latest version of Firefox (23).  Intended as a security response to “man in the middle” attacks, this feature blocks mixed content by default unless  specifically allowed during each page visit.  This specifically impacts non-https content loaded into a https page.  For more information about this security feature, please visit following Mozilla support article:

https://support.mozilla.org/en-US/kb/how-does-content-isnt-secure-affect-my-safety?as=u&utm_source=inproduct

While other browsers like Chrome and Internet Explorer implement Mixed Content Blocking in similar fashions, in most cases they allow the user to add exceptions or permanently allow access to mixed content from a particular page.  Firefox 23 requires this content to be allowed on each page visit without a method to permanently allow content within that page only.

In Bb , content “link” types load within an Bb frame (even when set to open in a new window).  Bb  does this purposely so that when user tracking is enabled, it is possible to run activity reports on which students access those links, as opposed to a straight href external link where Bb cannot track any of that.  Therefore, Bb customers using SSL and linking to non-SSL content will see this manifested most often in blank frames with the “grey shield” icon represented in the browser’s address bar as described in the Mozilla post, although this could impact other application areas as well.

The solution if you are linking to non SSL content from within Bb is to add the link and ask Bb to “open in a new window”.