CVE 2018-12403
If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.
See the
CVE page on Mitre.org
for more details.