Feed protocol with POST bypasses mixed content protections — Mozilla
Security researcher Masato Kinugawa reported that opening a target page using a POST to the url prefixed with the feed: protocol disables the mixed content blocker for that page. This could allow for the risk of a man-in-the-middle MITM scripting attack on pages that accidentally include insecure...