[TheRecord] Firefox follows Chrome and prepares to block insecure downloads

Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox.

Called mixed content downloaded blocking, the feature works by blocking files downloads initiated from an encrypted HTTPS page but which actually take place via an unencrypted HTTP channel.

The idea behind this feature is to prevent Firefox users from getting misled by the URL bar and think they’re downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.

Feature specifics:

All HTTP files download from an HTTPS page will be blocked with a message in the Firefox Download Center (CTRL+J).An option will be available to let users allow the download if they choose to.HTTP file downloads from HTTP pages will not be blocked.Directly accessed HTTP download links (copy-pasted in the Firefox address bar) will not be blocked.The feature is already live and activated in Firefox Beta, Developer, and Nightly editions.Based on current Firefox bug tracker entries, the feature is expected to be activated for all Firefox users in v92, scheduled for a formal release at the start of September 2021.

A similar feature is already present in Chrome and the vast majority of Chromium-based browsers since late 2020, having been rolled out in multiple stages from Chrome v81 to v88.

Firefox Stable users who’d like to test it right now can go to the about:config settings page and enable the following option:

dom.block_download_insecure          set to true

The post Firefox follows Chrome and prepares to block insecure downloads appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ZDNet] The Chris Krebs case for including election systems as critical infrastructure

All posts, ZDNet

The cybersecurity expert has told an Australian Parliamentary committee there are elements of the election administration function that should ‘absolutely’ be considered critical infrastructure. Source: Read More (Latest topics for ZDNet in Security)

Read More

[HackerNews] Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability

All posts, HackerNews

Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual […]

Read More

[BleepingComputer] Brave launches its privacy-focused no-tracking search engine

Today, Brave launched their non-tracking privacy-centric search engine to bring another alternative to finding the information you want on the web without giving up your data. […] Source: Read More (BleepingComputer)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.