If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.
Red Hat Enterprise Linux 7 is running 60.6.0, which is presumably impacted.
Reproduced this on the firefox version shipping with Red Hat Enterprise Linux 7. 5 and 6 were not tested, but I am guessing that they are vulnerable.