I'm still seeing the Verizon web mail login page as https.
What about HTTPS Everywhere?
You should update to Firefox 22, the 21 is now not secure.
Yes, I allow all cookies.
I tried it with FF 22. As before it works the first time perhaps because there is no verizon.net cookie.
When I navigated away from the page and then back I got the usual pop-up with a big question mark to the left:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
I may be going a bit off topic with this, but I don't get those warnings any longer and I'm seeing they've been disabled relatively recently in Firefox. So don't know why you're seeing that one. Even though all my settings in about:config for security.warn are at True, I'm apparently not getting any of those. I may have to check further about that, though.
This patch removes the following prompts:
1. Warning, you are about to enter a secure site
2. Warning, you are about to leave a secure site
3. Warning, you are about to submit a form to an insecure site, when you are already on an insecure site.
4. Warning, you are viewing a site with mixed content.
And further on
We already show the mixed content indicator in the address bar: globe vs. lock icon.
Support for those warning prefs has been removed.
bug 799009 - Remove support for obsolete SSL-related warning prompts
(please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)
Warning, you are about to enter a secure site
Warning, you are about to leave a secure site
Warning, you are about to submit a form to an insecure site, when you are already on an insecure site.
Warning, you are viewing a site with mixed content.
So unless I'm reading the Buzilla Bug report wrong, I don't understand why you're getting that warning. It seems they are suggesting relying on the lock icon, not the popup, to be certain you're on a fully encyrpted connection.
The Verizon webmail link I gave above is https, but comes with this message.
Then, upon submitting the user and password, it switches to this. So I'm assuming that data is fully encrypted, not sent in the clear.
That only lasts a second or two, and when login is complete it immediately switches back to the first partially encrypted globe icon.
I think you should look for the actual globe vs. lock icons at the different stages of logging in, as I have. It may be the popup you're getting for mixed security content refers to the post login session, not the actually transmission of the password.
In any case, I'm not getting that popup.
OK just found this
Firefox 19 seems to have dropped the warnings about insecure HTTP(S) contents, i.e. warn about submitting form data over HTTP (no S!), mixed secure and insecure contents, leaving a HTTPS page and so on. How can I get these warnings back? Or are there now different warning mechanisms (e.g. showing an insecure form submission in adance, that means at the time of filling it in)?
Further down that page:
firefox will now allow you to block active mixed content though - enter about:config into the firefox location bar (confirm the info message in case it shows up) & search for the preference named security.mixed_content.block_active_content. double-click it and change its value to true.
I just changed that value to true, and I'm still not getting the mixed security popup at any point in the sequence of logging in to Verizon web mail. In about:config
Perhaps you want to check how you have that set in about:config. This is mine, now changed from false to true.
I almost always used Safari to access Verizon Webmail. I get a slightly different message from Safari:
This is a non-secure form.
This form will be sent in a way that is not secure. Are you sure you want to send it?
What Firefox does is of no interest to me unless it works there and not in Safari, thus indicating a browser-specific problem.