Author: m
Description:
In the "secure" version of Wikipedia, there is a JavaScript embedded from http://geoiplookup.wikimedia.org. This makes the HTTPS somehow completely useless if the user has JavaScript enabled.
I understand that it is complicated to embed the images via HTTPS. But please fix at least that one here, as it really breaks the security (allowing an attacker to do anything), in contrast to the image thing (which only creates warnings and does allow an attacker to manipulate only the images).
Version: unspecified
Severity: major