From 2aa4a82499d4becd2284cdb482213d541b8804dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 16:29:10 +0200
Subject: Adding upstream version 86.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../tests/mochitest/mixedcontent/alloworigin.sjs   |   6 +
 .../ssl/tests/mochitest/mixedcontent/backward.html |  18 ++
 .../ssl/tests/mochitest/mixedcontent/bug329869.js  |  11 ++
 .../mochitest/mixedcontent/bug383369step2.html     |  28 +++
 .../mochitest/mixedcontent/bug383369step3.html     |  29 +++
 .../ssl/tests/mochitest/mixedcontent/download.auto |   1 +
 .../mochitest/mixedcontent/download.auto^headers^  |   2 +
 .../tests/mochitest/mixedcontent/emptyimage.sjs    |   5 +
 .../ssl/tests/mochitest/mixedcontent/hugebmp.sjs   |  13 ++
 .../ssl/tests/mochitest/mixedcontent/iframe.html   |  14 ++
 .../ssl/tests/mochitest/mixedcontent/iframe2.html  |  15 ++
 .../mochitest/mixedcontent/iframeMetaRedirect.html |   8 +
 .../mochitest/mixedcontent/iframesecredirect.sjs   |   5 +
 .../mochitest/mixedcontent/iframeunsecredirect.sjs |   5 +
 .../mochitest/mixedcontent/imgsecredirect.sjs      |   5 +
 .../mochitest/mixedcontent/imgunsecredirect.sjs    |   5 +
 .../mochitest/mixedcontent/mixedContentTest.js     | 211 +++++++++++++++++++++
 .../ssl/tests/mochitest/mixedcontent/mochitest.ini |  65 +++++++
 .../tests/mochitest/mixedcontent/moonsurface.jpg   | Bin 0 -> 52159 bytes
 .../ssl/tests/mochitest/mixedcontent/moz.build     |   7 +
 .../ssl/tests/mochitest/mixedcontent/nocontent.sjs |   4 +
 .../mixedcontent/redirecttoemptyimage.sjs          |   5 +
 .../ssl/tests/mochitest/mixedcontent/somestyle.css |   4 +
 .../mochitest/mixedcontent/test_bug329869.html     |  36 ++++
 .../mochitest/mixedcontent/test_bug383369.html     |  92 +++++++++
 .../mochitest/mixedcontent/test_bug455367.html     |  37 ++++
 .../mochitest/mixedcontent/test_bug472986.html     |  46 +++++
 .../mochitest/mixedcontent/test_bug477118.html     |  34 ++++
 .../mochitest/mixedcontent/test_bug521461.html     |  39 ++++
 .../mochitest/mixedcontent/test_cssBefore1.html    |  42 ++++
 .../mochitest/mixedcontent/test_cssContent1.html   |  41 ++++
 .../mochitest/mixedcontent/test_cssContent2.html   |  46 +++++
 .../mixedcontent/test_documentWrite1.html          |  38 ++++
 .../mixedcontent/test_documentWrite2.html          |  40 ++++
 .../test_dynDelayedUnsecurePicture.html            |  47 +++++
 .../mixedcontent/test_dynDelayedUnsecureXHR.html   |  48 +++++
 .../mixedcontent/test_dynUnsecureBackground.html   |  44 +++++
 .../test_dynUnsecureIframeRedirect.html            |  44 +++++
 .../mixedcontent/test_dynUnsecurePicture.html      |  46 +++++
 .../test_dynUnsecurePicturePreload.html            |  36 ++++
 .../mixedcontent/test_dynUnsecureRedirect.html     |  39 ++++
 .../test_innerHtmlDelayedUnsecurePicture.html      |  42 ++++
 .../test_innerHtmlUnsecurePicture.html             |  40 ++++
 .../mixedcontent/test_javascriptPicture.html       |  34 ++++
 .../mochitest/mixedcontent/test_secureAll.html     |  42 ++++
 .../mochitest/mixedcontent/test_securePicture.html |  36 ++++
 .../mixedcontent/test_unsecureBackground.html      |  35 ++++
 .../mochitest/mixedcontent/test_unsecureCSS.html   |  38 ++++
 .../mixedcontent/test_unsecureIframe.html          |  36 ++++
 .../mixedcontent/test_unsecureIframe2.html         |  36 ++++
 .../test_unsecureIframeMetaRedirect.html           |  36 ++++
 .../mixedcontent/test_unsecureIframeRedirect.html  |  36 ++++
 .../mixedcontent/test_unsecurePicture.html         |  34 ++++
 .../mixedcontent/test_unsecurePictureDup.html      |  20 ++
 .../mixedcontent/test_unsecurePictureInIframe.html |  36 ++++
 .../mixedcontent/test_unsecureRedirect.html        |  36 ++++
 .../mochitest/mixedcontent/unsecureIframe.html     |   9 +
 .../mochitest/mixedcontent/unsecurePictureDup.html |  34 ++++
 58 files changed, 1841 insertions(+)
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/backward.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/download.auto
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/moz.build
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html

(limited to 'security/manager/ssl/tests/mochitest/mixedcontent')

diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
new file mode 100644
index 0000000000..8e9afb098c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
@@ -0,0 +1,6 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Access-Control-Allow-Origin", "*");
+  response.write("<html><body>hello!</body></html>");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/backward.html b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
new file mode 100644
index 0000000000..8699a07dda
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <script type="text/javascript">
+  "use strict";
+  window.onload = function()
+  {
+    window.setTimeout(function()
+    {
+      SpecialPowers.wrap(window).docShell
+        .QueryInterface(SpecialPowers.Ci.nsIWebNavigation)
+        .goBack();
+    }, 100);
+  };
+
+  </script>
+</head>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
new file mode 100644
index 0000000000..9d67ba1f92
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
@@ -0,0 +1,11 @@
+/* import-globals-from mixedContentTest.js */
+"use strict";
+
+document.open();
+// eslint-disable-next-line no-unsanitized/method
+document.write("This is insecure XSS script " + document.cookie);
+isSecurityState(
+  "broken",
+  "security broken after document write from unsecure script"
+);
+finish();
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
new file mode 100644
index 0000000000..4bbf9bfe8c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, step 2</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/does_not_exist.css">
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  window.onload = function runTest() {
+    window.setTimeout(function () {
+      window.location =
+        "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html?runtest";
+    }, 0);
+  };
+
+  async function afterNavigationTest()
+  {
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
new file mode 100644
index 0000000000..276c2343fd
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, final step</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "secure page after insecure download and insecure subcontent still secure");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "still secure after back/forward");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
new file mode 100644
index 0000000000..4d2fb7d5ae
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
@@ -0,0 +1 @@
+Temporary file for security/mixedconent tests
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
new file mode 100644
index 0000000000..9c3159e153
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
@@ -0,0 +1,2 @@
+Content-disposition: "attachment"
+Content-type: application/x-auto-download
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
new file mode 100644
index 0000000000..5cce2826f8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  //response.setHeader("Content-type", "image/gif");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
new file mode 100644
index 0000000000..20d9dea829
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
@@ -0,0 +1,13 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-type", "image/bitmap");
+  
+  let bmpheader = "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+  let bmpdatapiece = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+  response.bodyOutputStream.write(bmpheader, 54);
+  // Fill 640*480*3 nulls
+  for (let i = 0; i < (640 * 480 * 3) / 64; ++i)
+    response.bodyOutputStream.write(bmpdatapiece, 64);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
new file mode 100644
index 0000000000..064783e0cb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 1:
+  <script>
+    "use strict";
+    // eslint-disable-next-line no-unsanitized/method
+    document.write(location.href);
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
new file mode 100644
index 0000000000..37fc604ea6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
@@ -0,0 +1,15 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 2:
+  <script>
+    "use strict";
+    // eslint-disable-next-line no-unsanitized/method
+    document.write(location.href);
+  </script>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
new file mode 100644
index 0000000000..6c7a5473cb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
@@ -0,0 +1,8 @@
+<!DOCTYPE HTML>
+<META http-equiv="Refresh"
+      Content="0; URL=http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html">
+<html>
+  <body>
+    Redirecting by meta tag...
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
new file mode 100644
index 0000000000..ea93b80b7d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
new file mode 100644
index 0000000000..937e29954f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
new file mode 100644
index 0000000000..7af6116e10
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
new file mode 100644
index 0000000000..a8eb26642a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
new file mode 100644
index 0000000000..6c300b7fc3
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -0,0 +1,211 @@
+"use strict";
+
+/**
+ * Helper script for mixed content testing. It opens a new top-level window
+ * from a secure origin and '?runtest' query. That tells us to run the test
+ * body, function runTest(). Then we wait for call of finish(). On its first
+ * call it loads helper page 'backward.html' that immediately navigates
+ * back to the test secure test. This checks the bfcache. We got second call
+ * to onload and this time we call afterNavigationTest() function to let the
+ * test check security state after re-navigation back. Then we again wait for
+ * finish() call, that this time finishes completelly the test.
+ */
+
+// Tells the framework if to load the test in an insecure page (http://)
+var loadAsInsecure = false;
+// Set true to bypass the navigation forward/back test
+var bypassNavigationTest = false;
+// Set true to do forward/back navigation over an http:// page, test state leaks
+var navigateToInsecure = false;
+// Open the test in two separate windows, test requests sharing among windows
+var openTwoWindows = false;
+// Override the name of the test page to load, useful e.g. to prevent load
+// of images or other content before the test starts; this is actually
+// a 'redirect' to a different test page.
+var testPage = "";
+// Assign a function to this variable to have a clean up at the end
+var testCleanUp = null;
+// Contains mixed active content that needs to load to run the test
+var hasMixedActiveContent = false;
+
+// Internal variables
+var _windowCount = 0;
+
+window.onload = async function onLoad() {
+  if (location.search == "?runtest") {
+    try {
+      if (history.length == 1) {
+        // Each test that includes this helper file is supposed to define
+        // runTest(). See the top level comment.
+        await runTest(); // eslint-disable-line no-undef
+      } else {
+        // Each test that includes this helper file is supposed to define
+        // afterNavigationTest(). See the top level comment.
+        await afterNavigationTest(); // eslint-disable-line no-undef
+      }
+    } catch (ex) {
+      ok(false, "Exception thrown during test: " + ex);
+      finish();
+    }
+  } else {
+    window.addEventListener("message", onMessageReceived);
+
+    let secureTestLocation = loadAsInsecure
+      ? "http://example.com"
+      : "https://example.com";
+    secureTestLocation += location.pathname;
+    if (testPage != "") {
+      let array = secureTestLocation.split("/");
+      array.pop();
+      array.push(testPage);
+      secureTestLocation = array.join("/");
+    }
+    secureTestLocation += "?runtest";
+
+    if (hasMixedActiveContent) {
+      SpecialPowers.pushPrefEnv(
+        { set: [["security.mixed_content.block_active_content", false]] },
+        null
+      );
+    }
+    if (openTwoWindows) {
+      _windowCount = 2;
+      window.open(secureTestLocation, "_new1", "");
+      window.open(secureTestLocation, "_new2", "");
+    } else {
+      _windowCount = 1;
+      window.open(secureTestLocation);
+    }
+  }
+};
+
+function onMessageReceived(event) {
+  switch (event.data) {
+    // Indication of all test parts finish (from any of the frames)
+    case "done":
+      if (--_windowCount == 0) {
+        if (testCleanUp) {
+          testCleanUp();
+        }
+        if (hasMixedActiveContent) {
+          SpecialPowers.popPrefEnv(null);
+        }
+
+        SimpleTest.finish();
+      }
+      break;
+
+    // Any other message is an error or success message of a test.
+    default:
+      SimpleTest.ok(!event.data.match(/^FAILURE/), event.data);
+      break;
+  }
+}
+
+function postMsg(message) {
+  opener.postMessage(message, "http://mochi.test:8888");
+}
+
+function finish() {
+  if (history.length == 1 && !bypassNavigationTest) {
+    window.setTimeout(() => {
+      window.location.assign(
+        navigateToInsecure
+          ? "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html"
+          : "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html"
+      );
+    }, 0);
+  } else {
+    postMsg("done");
+    window.close();
+  }
+}
+
+function ok(a, message) {
+  if (!a) {
+    postMsg("FAILURE: " + message);
+  } else {
+    postMsg(message);
+  }
+}
+
+function is(a, b, message) {
+  if (a != b) {
+    postMsg(`FAILURE: ${message}, expected ${b} got ${a}`);
+  } else {
+    postMsg(`${message}, expected ${b} got ${a}`);
+  }
+}
+
+async function isSecurityState(expectedState, message, test) {
+  if (!test) {
+    test = ok;
+  }
+
+  let state = await SpecialPowers.getSecurityState(window);
+
+  let isInsecure =
+    state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE;
+  let isBroken =
+    state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN;
+  let isEV =
+    state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL;
+
+  let gotState = "secure";
+  if (isInsecure) {
+    gotState = "insecure";
+  } else if (isBroken) {
+    gotState = "broken";
+  } else if (isEV) {
+    gotState = "EV";
+  }
+
+  test(
+    gotState == expectedState,
+    (message || "") + ", expected " + expectedState + " got " + gotState
+  );
+
+  switch (expectedState) {
+    case "insecure":
+      test(
+        isInsecure && !isBroken && !isEV,
+        "for 'insecure' excpected flags [1,0,0], " + (message || "")
+      );
+      break;
+    case "broken":
+      test(
+        !isInsecure && isBroken && !isEV,
+        "for 'broken' expected  flags [0,1,0], " + (message || "")
+      );
+      break;
+    case "secure":
+      test(
+        !isInsecure && !isBroken && !isEV,
+        "for 'secure' expected flags [0,0,0], " + (message || "")
+      );
+      break;
+    case "EV":
+      test(
+        !isInsecure && !isBroken && isEV,
+        "for 'EV' expected flags [0,0,1], " + (message || "")
+      );
+      break;
+    default:
+      throw new Error("Invalid isSecurityState state");
+  }
+}
+
+function waitForSecurityState(expectedState, callback) {
+  let roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
+  let interval = window.setInterval(async () => {
+    await isSecurityState(expectedState, "", isok => {
+      if (isok) {
+        roundsLeft = 0;
+      }
+    });
+    if (!roundsLeft--) {
+      window.clearInterval(interval);
+      callback();
+    }
+  }, 100);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
new file mode 100644
index 0000000000..b63031004f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
@@ -0,0 +1,65 @@
+[DEFAULT]
+prefs =
+  security.mixed_content.upgrade_display_content=false
+support-files =
+  alloworigin.sjs
+  backward.html
+  bug329869.js
+  bug383369step2.html
+  bug383369step3.html
+  download.auto
+  download.auto^headers^
+  emptyimage.sjs
+  hugebmp.sjs
+  iframe.html
+  iframe2.html
+  iframeMetaRedirect.html
+  iframesecredirect.sjs
+  iframeunsecredirect.sjs
+  imgsecredirect.sjs
+  imgunsecredirect.sjs
+  mixedContentTest.js
+  moonsurface.jpg
+  nocontent.sjs
+  redirecttoemptyimage.sjs
+  somestyle.css
+  unsecureIframe.html
+  unsecurePictureDup.html
+
+[test_bug329869.html]
+[test_bug383369.html]
+skip-if = toolkit == 'android'
+[test_bug455367.html]
+[test_bug472986.html]
+[test_bug477118.html]
+[test_bug521461.html]
+[test_cssBefore1.html]
+[test_cssContent1.html]
+[test_cssContent2.html]
+[test_documentWrite1.html]
+[test_documentWrite2.html]
+[test_dynDelayedUnsecurePicture.html]
+[test_dynDelayedUnsecureXHR.html]
+[test_dynUnsecureBackground.html]
+[test_dynUnsecureIframeRedirect.html]
+[test_dynUnsecurePicture.html]
+[test_dynUnsecurePicturePreload.html]
+[test_dynUnsecureRedirect.html]
+disabled=intermitently fails, quite often, bug 487402
+[test_innerHtmlDelayedUnsecurePicture.html]
+[test_innerHtmlUnsecurePicture.html]
+[test_javascriptPicture.html]
+[test_secureAll.html]
+[test_securePicture.html]
+[test_unsecureBackground.html]
+[test_unsecureCSS.html]
+[test_unsecureIframe.html]
+[test_unsecureIframe2.html]
+[test_unsecureIframeMetaRedirect.html]
+disabled=intermittently fails, less often, bug 487632
+[test_unsecureIframeRedirect.html]
+[test_unsecurePicture.html]
+[test_unsecurePictureDup.html]
+[test_unsecurePictureInIframe.html]
+[test_unsecureRedirect.html]
+skip-if = verify && debug && (os == 'linux' || os == 'mac')
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
new file mode 100644
index 0000000000..c0ffca256a
Binary files /dev/null and b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg differ
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moz.build b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
new file mode 100644
index 0000000000..7c990fbc62
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
@@ -0,0 +1,7 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ["mochitest.ini"]
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
new file mode 100644
index 0000000000..53fa4bc0c2
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
@@ -0,0 +1,4 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 204, "No Content");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
new file mode 100644
index 0000000000..4d85e16581
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
new file mode 100644
index 0000000000..9867e3c41e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
@@ -0,0 +1,4 @@
+body
+{
+  background-color: lightBlue;
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
new file mode 100644
index 0000000000..ccb9a8d9cf
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>dymanic script load</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    window.setTimeout(function () {
+      let newElement = document.createElement("script");
+      newElement.src = "http://example.org/tests/security/manager/ssl/tests/" +
+                       "mochitest/mixedcontent/bug329869.js";
+      document.body.appendChild(newElement);
+    }, 0);
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "when we navigate back, we're loading our secure page again and not loading an insecure script, so our security state is secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
new file mode 100644
index 0000000000..d45d5eb761
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
@@ -0,0 +1,92 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* sendAsyncMessage isn't actually a global - this just mollifies eslint */
+  /* global sendAsyncMessage */
+  "use strict";
+
+  // We want to start this test from an insecure context
+  loadAsInsecure = true;
+  // We don't want to go through the navigation back/forward test
+  bypassNavigationTest = true;
+
+  async function runTest() {
+    let script = SpecialPowers.loadChromeScript(function() {
+      const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+      // Force download to be w/o user assistance for our testing mime type
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+      handlerInfo.preferredAction = Ci.nsIHandlerInfo.saveToDisk;
+      handlerInfo.alwaysAskBeforeHandling = false;
+      handlerInfo.preferredApplicationHandler = null;
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.store(handlerInfo);
+
+      let profileDir = Services.dirsvc.get("ProfDS", Ci.nsIFile);
+      profileDir.append("downloads");
+
+      let prefBranch = Services.prefs.getBranch("browser.download.");
+
+      prefBranch.setCharPref("dir", profileDir.path);
+      prefBranch.setBoolPref("useDownloadDir", true);
+      prefBranch.setIntPref("folderList", 2);
+
+      const { Downloads } =
+        ChromeUtils.import("resource://gre/modules/Downloads.jsm");
+      Downloads.getList(Downloads.PUBLIC).then(list => {
+        list.addView({
+          onDownloadAdded(aDownload) {
+            list.removeView(this);
+            aDownload.whenSucceeded().then(() => {
+              list.removeFinished();
+              sendAsyncMessage("navigate", "bug383369step2.html");
+            });
+          },
+        });
+        sendAsyncMessage("navigate", "download.auto");
+      }).catch(Cu.reportError);
+    });
+    script.addMessageListener("navigate", function(url) {
+      window.location = url;
+    });
+  }
+
+  async function afterNavigationTest() {}
+
+  testCleanUp = function cleanup() {
+    SpecialPowers.loadChromeScript(function() {
+      const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.remove(handlerInfo);
+
+      let prefBranch = Services.prefs.getBranch("browser.download.");
+
+      const prefKeys = ["dir", "useDownloadDir", "folderList"];
+      for (let prefKey of prefKeys) {
+        if (prefBranch.prefHasUserValue(prefKey)) {
+          prefBranch.clearUserPref(prefKey);
+        }
+      }
+    });
+  };
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
new file mode 100644
index 0000000000..d2ad64c454
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>No content image doesn't break security</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    SpecialPowers.pushPrefEnv(
+      {"set": [["security.mixed_content.upgrade_display_content", false]]},
+      null);
+    await isSecurityState("broken", "broken");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
new file mode 100644
index 0000000000..bd55a600ca
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src replace</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  SimpleTest.expectAssertions(0, 4);
+
+  // Clear the default onload assigned to test start because we must
+  // wait for replaced image to load and only after that test the security state
+  var onLoadFunction = window.onload;
+  window.onload = function()
+  {
+    let img1 = document.getElementById("img1");
+    img1.addEventListener("load", onLoadFunction);
+    img1.src = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+  };
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "secure");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="img1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
new file mode 100644
index 0000000000..90932790f0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 477118</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "data <img> doesn't break security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "still secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1wAADdcBQiibeAAAAAd0SU1FB9kBDxIAOdxBIbcAAAI+SURBVDjLxZO7TxRhFMV/M/PN7EPYhS02yytggo+ERAgxERsNhYnGzsQojaHT3r9F0cTaUjs6NUQLBRKDi4I8FEwkLMgO+5rdeX3XAoVYiZWnP797cu69Bv8gqZ+0QTqIdRpl1VHGvnV884CJwQgwicVtoB/ku/H4ycOnURgP/Q1g21Fw4+r0RjbbNmaq4ayO35UkXp9S2UzHxK2bE4QNl82FVwD0D49jn+hERBCRgwTiIX7pvGUGYF/BlO327d3ENfV7wuL0AyjPICIsfPvAmev3qdVqlMtlCoUCGxurDPT1kEnPomQKkRTFpXOjh4DN4kvGLuSJ/JC38y/ouXyXYrGIiBDHMVtbu1SrvXTlbfp6HcQcoVwp5hRAaWedPXFYfL+E1lAKswSRy+joKEEQICLkcjm01hiGgRcksW0b4SMKYHb+OSt6ma+VffxWRF3S5OeeMX7pHkqpwy5EBK31H90ogFODF1lbm8OtlEhloDORpbdnhDAMaTabhwbbtkkkEkRRhGVZR4BCfojJO4+o1VwQAItEIolpmliWRVtbG7s/dlDKotGo47U8CvkuAEwA3/eJoxhE0WyGuO4+nucRBAHVahXDMKg3agRhQBAGVKsVtNZHCRzHwTAMcrnc0eX9it3e3g7A6cGzhx0AKHWwQOV5jdXXb2ZOaa3BOP5ffF5ZptVqflG+3xpbWv5kh2FolEo7dnmv7Lium6zXG0nf95MiguM4QTqd9jPZTCvX2eF393QHqVRKZ7KZkP+unzPGLX8Jr7F8AAAAAElFTkSuQmCC" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
new file mode 100644
index 0000000000..59085a5ec4
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 521461</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  loadAsInsecure = true;
+
+  async function runTest()
+  {
+    window.location = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs";
+    window.setTimeout(async () => {
+      await isSecurityState("insecure", "location.href doesn't effect the security state");
+      is(document.body.innerHTML, "This is an unsecure page!\n", "Document has not changed content");
+      finish();
+    }, 1000);
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("insecure", "still not secure after navigation");
+    is(document.body.innerHTML, "This is an unsecure page!\n", "Document has not changed content");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>This is an unsecure page!</body></html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
new file mode 100644
index 0000000000..98cee1bb53
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS :before styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+  <style type="text/css">
+    p:before
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p>
+    There is a moon surface left to this text
+  </p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
new file mode 100644
index 0000000000..5c5019ca78
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
@@ -0,0 +1,41 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <style type="text/css">
+    p
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
new file mode 100644
index 0000000000..19e5784334
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 2</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  if (navigator.platform.startsWith("Mac")) {
+    SimpleTest.expectAssertions(0, 1);
+  }
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.getElementById("para").style.content =
+      "url('http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg')";
+
+    waitForSecurityState("broken", async () =>
+    {
+      await isSecurityState("broken", "insecure content added by styling breaks security");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("para").style.content, "");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p id="para"></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
new file mode 100644
index 0000000000..90eca5bcdb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<img src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> written dynamically breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  document.write(
+    "<img src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
new file mode 100644
index 0000000000..e009fd4f54
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<iframe src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure iframe written dynamically breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  document.write(
+    "<iframe src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html'></iframe>");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
new file mode 100644
index 0000000000..514902d047
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    window.setTimeout(function() {
+      // Don't do this synchronously from onload handler
+      document.getElementById("image1").src =
+        "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+    }, 0);
+
+    waitForSecurityState("broken", async () =>
+    {
+      await isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
new file mode 100644
index 0000000000..d9a8cc8af7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>unsecure XHR test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    window.setTimeout(async () => {
+      try {
+        let req = new XMLHttpRequest();
+        req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
+        req.send(null);
+
+        // Change should be immediate, the request was sent synchronously
+        await isSecurityState("broken", "security broken after insecure XHR");
+      } catch (ex) {
+        ok(false, ex);
+      }
+
+      finish();
+    }, 0);
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
new file mode 100644
index 0000000000..fd66b21a64
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>body.background changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.body.background =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    waitForSecurityState("broken", async () => {
+      await isSecurityState("broken", "document.body.background='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.body.background,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "document backround secure again");
+    await isSecurityState("secure", "secure after re-navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
new file mode 100644
index 0000000000..8934de4b79
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>iframe.src changes to unsecure redirect test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    let self = window;
+    let iframe = document.getElementById("iframe1");
+    iframe.onload = async () => {
+      await self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      self.finish();
+    };
+
+    iframe.src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs";
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe id="iframe1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
new file mode 100644
index 0000000000..5ef5a28b2c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.getElementById("image1").src =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    window.setTimeout(async () => {
+      await isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
new file mode 100644
index 0000000000..d8506e8cc5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  (new Image()).src =
+    "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "(new Image()).src='http://...' changed to broken");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
new file mode 100644
index 0000000000..a73c7f8619
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure redirect test</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.getElementById("image1").src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs";
+
+    window.setTimeout(async () => {
+      await isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
new file mode 100644
index 0000000000..45bf140384
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+
+    window.setTimeout(function () {
+      document.getElementById("buddy").innerHTML =
+        "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+    }, 1);
+
+    waitForSecurityState("broken", async () => {
+      await isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "\n", "innerHTML back to previous");
+    await isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
new file mode 100644
index 0000000000..d8b3e5f6e0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+
+    document.getElementById("buddy").innerHTML =
+      "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+
+    window.setTimeout(async () => {
+      await isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "\n", "innerHTML back to previous");
+    await isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
new file mode 100644
index 0000000000..66a28ce74e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "javascript: <img> should not break security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "Still secure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="javascript:'Random data'" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
new file mode 100644
index 0000000000..efd754dd58
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>All secure anti-regression check</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // Navigation test goes over an insecure page, test state leak
+  navigateToInsecure = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs" />
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
new file mode 100644
index 0000000000..961713a2da
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  loadAsInsecure = true;
+
+  async function runTest()
+  {
+    await isSecurityState("insecure", "left insecure");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("insecure", "left insecure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
new file mode 100644
index 0000000000..02fdb29d41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>background unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "security broken");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
new file mode 100644
index 0000000000..c775347e72
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure css load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
new file mode 100644
index 0000000000..291ce3747e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
new file mode 100644
index 0000000000..8f49ecda51
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
new file mode 100644
index 0000000000..4eebbf5b22
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    window.setTimeout(async () =>
+    {
+      await isSecurityState("broken", "insecure meta-tag <iframe> load breaks security");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    window.setTimeout(async () =>
+    {
+      await isSecurityState("broken", "security still broken after navigation");
+      finish();
+    }, 500);
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
new file mode 100644
index 0000000000..12a4233494
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
new file mode 100644
index 0000000000..3c19811db9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
new file mode 100644
index 0000000000..81ed58ffde
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  openTwoWindows = true;
+  testPage = "unsecurePictureDup.html";
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
new file mode 100644
index 0000000000..21bcf5f810
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img in iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> in an <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
new file mode 100644
index 0000000000..82611ff3fe
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Redirect from secure to unsecure img</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
new file mode 100644
index 0000000000..2282677418
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
new file mode 100644
index 0000000000..7ce3701620
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
-- 
cgit v1.2.3