Here is Microsoft's blog post on the same subject: http://blogs.msdn.com/b/ie/archive/2011/06/23/internet-explorer-9-security-part-4-protecting-consumers-from-malicious-mixed-content.aspx
----- Original Message ----- > From: "Adam Barth" <abarth-mozi...@adambarth.com> > To: "Christopher Blizzard" <blizz...@mozilla.com> > Cc: "Chris Evans" <cev...@google.com>, mozilla-dev-secur...@lists.mozilla.org > Sent: Thursday, June 16, 2011 1:42:08 PM > Subject: Re: Mixed HTTPS/non-HTTPS content in IE9 and Chrome 13 dev > On Wed, May 18, 2011 at 1:00 PM, Christopher Blizzard > <blizz...@mozilla.com> wrote: > > On 5/18/2011 12:27 PM, Adam Barth wrote: > >> Indeed, which is why we experimented with a hard block. Our plan is > >> to move in smaller steps, hopefully in coordination with other > >> browser > >> vendors. > > > > Pick a date/release. We haven't talked about it, but we might game > > for that > > kind of action. (It's hard to break things on your own. :P) > > To update this thread, here's a blog post describing what we're > planning on doing: > > http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html > > We backed away from a hard block because too many sites broke. The > current plan is block + infobar + evangelism for active content > (script, plug-ins, CSS). If the evangelism goes well, we hope to move > to harder blocks in the future. > > If Firefox does something similar, we'll probably have a greater > chance of moving to a more secure default in the future. > > Thanks, > Adam > _______________________________________________ > dev-security mailing list > dev-security@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security