Firefox reporting a security warning with password field

Robin_Johnson · March 21, 2017, 10:46pm

I am using the latest Firefox browser with our Add-on, Blur – version 52.0 (64-bit). It is reporting a security warning when I attempt to enter my password.

The message is this:
This connection is not secure. Logins entered here could be compromised. A lock icon is also displayed with a red slash across it.

Is this really a security problem or has Firefox got it wrong?

We noticed that we don’t get the error in nightly build version 53. We think it’s because we use our own protocol (blur://) to talk to our background script which then uses https to communicate securely.

Thanks in advance for any insight!

david_ross · March 20, 2017, 2:15pm

Hi there Robin, thanks for your question.

This Discourse forum is intended to be used to improve communication among Mozilla Community members. You might find the Firefox Support pages more suited to answer your concern.

I’ve linked to several questions recently asking similar to your query.

You may be interested to find that this change is an implementation of recommendations from W3C calling for greater implementation of HTTPS as default.

Robin_Johnson1 · March 20, 2017, 3:26pm

Thank you for your help.

jorgev · March 21, 2017, 10:47pm

Is this showing up on a page created by your add-on? Or a page that your add-on modifies?

Robin_Johnson · March 21, 2017, 10:52pm

It shows up when users login to our add-on, on any page. Our login form talks to our background script via blur:// instead of https:// and Firefox is flagging it as insecure. We came up with a workaround-- not pretty, but should do the job.