An update to site-identity in desktop Firefox

23 April, 2012 § 61 Comments

Update (24 April): For clarification, there are no plans to remove favicons from tabs, bookmarks, or Awesomebar suggestions.

Starting with yesterday’s Nightly build of Firefox, we have introduced a change to how we display site-identity in the address bar. These changes are intended to increase the security of our users as well as reduce some visual weight.

Since the dawn of time, we have included the site favicon in the address bar as part of the site-identity block. While the favicon can represent a piece of a site’s identity, there are some sites that set their favicon to a padlock. This behavior can trick users in to thinking that a site is using a secure connection when on an unsecured connection. Starting with yesterdays’s Nightly, we will no longer include the favicon in the address bar.

Websites that use SSL certificates with Extended Validation will now have a green padlock next to the certificate owner’s organization name.

Websites that use SSL certificates without Extended Validation will now have a grey padlock. The effective hostname will no longer appear next to the padlock. This information is redundant with our darkening of the effective hostname in the website address.

Websites that do not use SSL certificates or have mixed-content will fallback to a globe icon.

These changes are planned to reach our Release channel in mid-July.

Tagged: firefox, planet-mozilla, security

§ 61 Responses to An update to site-identity in desktop Firefox

Confusing the Padlock and the Favicon in the Web Browser | Secure Lagos says:

11 July, 2012 at 2:33 am

[…] displays the favicon in the URL, showing it only on tabs, bookmarks and Awesome bar suggestions, according to Firefox developer Jared Wein. This version of Firefox adds the padlock to the Site Identity Button, while preventing webmasters […]

Reply

JAWS