When browsing a secure site (which uses HTTPS) Firefox blocks any Active Mixed Content (unencrypted source scripts, osea HTTP), which could be intercepted and modified with relative ease. A shield icon appears in the address bar with the message Firefox has blocked unsafe content (“Firefox has blocked content that isn’t secure”), and offers the option to disable protection.
Unfortunately the protection blocks many bookmarlets, even after deactivating it, including the handy KeepVid bookmarlet for downloading Youtube videos (and others), which produces a sad error in the console when trying to download from Youtube (which now requires a secure connection if you're logged in):
Blocked loading mixed active content "http://keepvid.com/js/bm.js"
This is because the KeepVid script is on an unsecured connection. (HTTP) –and also obtains data from YouTube itself, but also using HTTP…
Disabling protection completely is a very bad idea. We also can't expect all bookmarlet creators to add HTTPS support anytime soon. A temporary solution, if you don't mind reducing your privacy and security, is to open a window in incognito mode and open the video there using HTTP. Or you can also log out. KeepVid also provides an alternative method using Java; but Java is so insecure that rather than disabling it, it is recommended to uninstall it.
But there is a permanent solution: copy the script to a secure server (like that of the excellent free service of GitHub), and edit it to use only HTTPS when loading other scripts, which is what I did with KeepVid (drag it to your bookmarks bar and use it on Youtube):