Mozilla Toys with Drop Kicking Favicons from Firefox Address Bar

Favicons may seem harmless enough, but according to Mozilla, they can be pretty dangerous. The problem, as Mozilla explains it, is that pesky Web miscreants intentionally misuse and abuse favicons in order to do harm to your PC. How so, you ask?

"While the favicon can represent a piece of a site’s identity, there are some sites that set their favicon to a padlock. This behavior can trick users in to thinking that a site is using a secure connection when on an unsecured connection," Mozilla says.

It's a simple trick with potentially dire consequences for unsuspecting Internet users who aren't trained to second guess every single part of the Web browsing experience. Mozilla's solution is to drop favicons from Firefox altogether, which it has already done with the latest Nightly build.


For those using the Nightly build, they'll see a green padlock next to websites that use SSL certificates with Extended Validation. Those that use SSL certificates without Extended Validation will have a gray padlock, and those that omit both will simply fallback to a globe icon (see examples above).

Mozilla says it plans on implementing the change to its Release channel in mid-July.
Via:  Mozilla

blog comments powered by Disqus