Right. All content on an SSL (https pages) must also be https. On an insecure page, the script uses the about:blank address which is a stock blank page built into the browser, all browsers have this. But if it uses that on a secure page, it's seen as insecure. Some browsers will give a security violation notice, others just won't show it, or might throw an error. So for secure pages the script looks for blank.htm. But it's not there in your case so you get a 404.
All you have to do is make up a page with nothing on it. It can be completely empty or have just minimal HTML code with no content:
Save that or a completely empty file as blank.htm and put it in the same folder as your https page. Or if you have a lot of pages that need this in different folders, you can provide the absolute path to the file in the script. Just make sure that the file is on the https part of the site and provide that in the path, example:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Using a text only editor like NotePad, insert the actual path to this file into the script as shown.
$(document.body).append('<IFRAME id="outlineiframeshim" src="'+(location.protocol=="https:"? '
https://www.oursite.com/files/blank.htm' : 'about:blank')+'" style="display:none; left:0; top:0; z-index:999; position:absolute; filter:progid:DXImageTransform.Microsoft.Alpha(style=0,opacity=0)" frameBorder="0" scrolling="no"></IFRAME>')
The browser cache may need to be cleared and/or the page refreshed to see changes.