DavidR
2
In all honesty I have never been much concerned about mixed content pages as there is nothing I can do about the situation aside from blocking the mixed content. I generally avoid https other than for known sites as I have said before those who try to browse enforcing/using all https don’t help themselves.
The network shield would still be working even if the original parent page is HTTPS, so if the mixed content comes from a malicious site it would still alert. As if this was intended and or a hacked site with mixed content your browser should at least warn you of the mixed content before you proceed with entering any logon details, etc.
I would also say that firefox with NoScript and Request Policy is likely to afford you some sort of protection as there is little point in trying to harvest this data if it can’t be collected/sent to the originator of the scam.