Firefox 23 is due for release on 17 May 2013. An important update with this release will be the default setting to block mixed content on websites.
What is mixed content?
Mixed Passive Content
This is content that is loaded over http but is unable to affect the actual coding of the page. For example an image loaded in the browser is unable to affect the scripted actions of the page. However an attacker would be able to intercept the headers of the image request and obtain information such as user agent and cookies.
Requests that include Mixed Passive Content over https will load but the padlock will not be shown in Firefox.
Mixed Active Content
When a user clicks the shield they get the option to Keep blocking or disable the protection for that page.
If the user opts to disable the protection then the page will load including the mixed content but the address bar will show a yellow warning triangle.
Removing mixed Content from Your Website
Many web designers have grown a little lazy and will often insert elements on the website that fail to load over https. Now is the ideal time to clean this up. Especially since you may start scaring away Firefox users. A good way to do this is whenever you are inserting third party scripts on your website make sure they are either using https or protocol relative links.
A quick search of your website source code for
will help highlight areas you are calling objects via non https sources. Is your website clean of mixed content warnings?