Mozilla Firefox browser is the second most used browser application in the world and inevitably, some of your site visitors may use this open source application for their web browsing activities. As a website owner, you want to make sure your website is fully compatible with Firefox to meet the rapid demands of the internet population, where high expectations are set out on a good user experience for websites.
Firefox inspects security protocols before displaying web content. As such, you should factor in Firefox security implementation and display when looking to achieve a seamless user experience for Firefox users. These security protocols can be controlled on the administrator’s end and understanding them can help you as a site owner select an SSL security product that best suits your needs, as well as troubleshoot problems related to the HTTPS protocol.
Mozilla Firefox Security Icons 101
(1) Grey Globe
A grey globe icon on the address bar indicates no HTTPS security. This means that all connections made between Firefox browser and the website are not encrypted. Attackers can eavesdrop on communications and possibly steal data from your site.
For most websites, the grey globe will appear automatically and is the standard protocol used for sites without an SSL certificate.
Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a gray globe icon. – Mozilla
(2) Green Secure Padlock
A green secure padlock appears when a domain validated (DV) or organisation validated (OV) certificate is installed in the web server. While visually there is no difference in display between the certificates, an OV certificate is more reliable as a Certificate Authority (CA) – the authority that issues out the digital certificate – looks to verify the organisation behind the operating domain.
Organisation information can be seen when users click on the green lock icon.
(3) Green Secure Padlock with Entity Name and Location Displayed
A green padlock with green text displaying the entity’s name and location indicates that an Extended Validation (EV) Certificate is installed in the web server. EV Certificates uses the same encryption technology as DV and OV – 2048-bit with SHA-2 – but the compelling difference is the added green text that is proven to provide greater trust and confidence to users.
This security protocol is only available to EV as it undergoes a more stringent validation process to verify the entity behind the website.
(4) Green Secure Padlock with an Exclamation Mark
For locks with an exclamation mark symbol, this means that sites are secure but have varying content from both HTTP and HTTPS sources. Firefox automatically blocks out insecure HTTP content and this results in the website content from displaying accurately.
Mixed content is a security risk as attackers can replace HTTP content to manipulate visitors into revealing confidential data such as login ID and passwords.
(5) Grey Padlock with a Red Strikeout
A red strikeout on the padlock means that Firefox is not blocking out insecure content and the site is open to modification by attackers. This happens when an SSL certificate has expired on the web server or a wrong server certificate is used on the domain.
In this case, a new certificate should be installed.
(6) Grey Padlock with a Yellow Triangle Icon
A grey padlock with a yellow triangle indicates that the site is not secure and that there are HTTP contents which Firefox doesn’t block out even with an SSL certificate. Here, you will need to fix contents that are coming from HTTP sources to change the icon back to green.
Monitor Front-End Interface Regularly on Mozilla Firefox
The Mozilla Firefox browser is constantly updating and some of these updates may affect how your site content is presented to users. Monitoring your website on different browsers platforms and versions should be an instinctive habit to ensure the most accurate content and security displayed for achieving the best user experience you have to give for your users.
About Ashlee Ang
Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.