User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040131 Firebird/0.8.0+ when viewing an xml page over https that does not have an associated style sheet, i get a warning that the page contains unencrypted data. i guess this is because the default style sheet isn't flagged as being encrypted, triggering this warning. Reproducible: Always Steps to Reproduce: 1. ensure security.warn_viewing_mixed is true 2. visit https://xml.melissadata.com/xml.asp Actual Results: warning dialog: "you have requested an encrypted page that contains some unencrypted information .." Expected Results: no warning dialog.

This is a tricky one. It's probably the css-stylesheet that triggers the warning. Not sure how to avoid that other then inlineing the stylesheets.

That is indeed because of automatically applied stylesheet -- it is taken from chrome:// url and is considered unsecure. chrome:// is always local and, I guess, should be considered secure. I believe the same would happen if a page received over https would have file://<something> embedded in it. Found related bug: [ISSUE] file:// URLs in a http | https page do not work (clicking does nothing, do not auto-load, etc.) [dupe to bug 84128] http://bugzilla.mozilla.org/show_bug.cgi?id=122022

*** Bug 338282 has been marked as a duplicate of this bug. ***

(In reply to comment #2) Agreed. Will probably be fixed with bug 477118.

Just confirmed that attachment 366929 [details] [diff] [review] of bug 477118 fixes this problem.

fixed in bug 477118 as per comment 5