Help with SSL Vulnerability (Mixed Content)?

Question

Hey guys I have my own webserver that is hosting a website that I recently installed/setup a self-signed SSL cert. Securing the website seemed to go fine, but in firefox and IE I sometimes get pop up boxes that say something along the lines of "There is a mix of secure and insecure information on this page..." and in the firefox error console it says something about being possibly susceptible to an SSL vulnerability (CVE-2009).

1. Is this truly a vulnerability I should be worrying about?
2. Does anyone know what might be causing the problem/how I can fix whatever is causing the problem?

Answer 1

Basically you're serving up HTTP content somewhere on the page, be it an image, a CSS file or something else. One of the nicest ways to fix this is to use protocol relative URLs; they have the form of

"//example.com/image.gif"

for example

<img src="//example.com/image.gif" />

This has the effect of loading the resources using the protocol the hosting page has, http if it's http, https if it's https.

Fiddler is great for tracking these things down as the protocol for resources is clearly shown in the UI;

_{(source: enhanceie.com)}