If you have upgraded your version of Firefox to 42, you may have noticed a change affecting the security icons displayed by the browser to indicate secure connections to websites.
As you may know, Firefox displays different types of icons depending on the status of the connection to a site.
While Mozilla has not changed the number of indicators like Google did about a month ago, it has changed four of the five indicators in the Firefox browser.
The change can be confusing to users at first considering that they may see new indicators for the first time and may have troubles understanding what they actually refer to.
The following before and after graphic highlights the current and the previous state of security indicators in the Firefox web browser.
As you can see, the only indicator that has not changed at all is the one for “sites with EV certificates”. The indicator for “sites with DV certificates” changed slightly only, as Firefox paints the lock icon green as well now.
The difference between sites with DV and EV certificates is whether the organization’s name is highlighted in green after the lock icon or not.
The icons for mixed content sites have changed significantly. One common theme is the removal of secondary icons from two of the three mixed content indicators.
Sites with mixed active content blocked indicate this with a gray exclamation icon underneath the green lock icon now.
Sites with mixed active content allowed are highlighted with a crossed-out gray lock icon and a crossed-out https protocol in the address bar, and sites with mixed passive content that is loaded are highlighted with a gray lock icon and a yellow exclamation icon.
You may still click on the icon in front of the address to reveal additional information about the connection. Please note that you may need to click on the smaller icon to display the information and not the Page Info window.
Why did Mozilla make those changes to the security icons in Firefox?
The reason for changing the indicator of DV certificates is that “average user is likely not going to understand this color distinction between EV and DV certificate”, and that Mozilla wants to better highlight that both connections are secure.
The removal of the second icon has several reasons. First, Mozilla wanted to communicate the fact in a single place instead of two, second, the number of users who actually override mixed content protection is slim, and third, a similar iconography is used in Firefox’s private browsing mode.
Rule of Thumb
Basically, and this is probably the easiest way to understand the change, you can associate green with secure connections and gray with connections that are not secure.
Additional information are available on the Mozilla blog.