Gunnar, have a look at this: . So your example using the Penta website was just a bad one, and I personally agree with the "INVALID" resolution of your bug report. In fact, showing a partially encrypted connection as an insecure one is an overall advantage for (l)user securities, as with the browser interfaces we are used to use, we don't know which parts are actually sent encrypted and which are not. As you can see in the example above a fully encrypted connection is properly reported as such by Firefox 3.0.

FWIW: I'm overall satisfied with Firefox 3.0, especially about the new URL bar Wouther is disliking. Yes it is a bit slower than before, but even on my 4-year old laptop it is perfectly usable.

The HTML title shown there? Well, it is rather handy when I start typing bugs.debian.org and then I've to discriminate among tons of almost identical bug report URLs ...

Is the about:config hand-holding dialog worst than the pop-up the first time you "have provided unencrypted information" in a random form? It is not, we have probably just forgot about the first time we unchecked the corresponding checkbox.

All in all, the only "feature" of the new Firefox I found incredibly stupid is the SSL certificate exception mechanism. Installing the untrusted certificate is what? ... 5 click-away from the initial page? That is just dumb. (And as it is well-known that habits form anyhow, getting the habits harder to form is just a way to piss-off users.)