Group : Admin
Posts : 118
2018-03-08 at 24:32
The ArtisBrowser protects you from attacks by blocking potentially harmful, insecure content on web pages that are supposed to be secure.
What is mixed content?
When you visit a page served over HTTP, your connection is open for potential eavesdropping and man-in-the-middle attacks. Most websites are served over HTTP because they don't involve passing sensitive information back and forth and do not need to be secured.
When you visit a page fully transmitted over HTTPS, like your bank, you'll see a green or blue padlock icon in the address bar. This means that your connection is authenticated and encrypted, hence safeguarded from eavesdroppers and man-in-the-middle attacks.
However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or potentially modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed” and the padlock will indicate this as such. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't.
By default, the ArtisBrowser will allow mixed passive content (images), but will block mixed active content (scripts) because active content can easily be abused to steal sensitive information. If content is blocked this way by Pale Moon, you will see the shield icon letting you know mixed content was blocked.
What are the risks of mixed content?
An attacker can replace the HTTP content on the page you're visiting in order to steal your credentials, take over your account, acquire sensitive data about you, or even attempt to install malware on your computer.
You should normally not allow mixed content on sites that are important to be properly secured, like a store checkout, bank, or eMoney provider.
When is mixed content common?
In some situations, mixed content can be a common occurrence. For example, if you use webmail to read your e-mail and you've received an HTML e-mail that includes images served over a plain HTTP connection. Always be aware of the potential risks involved even in these situations, and make sure that you check that any login page for your webmail is always fully secure.