[TheRecord] Firefox follows Chrome and prepares to block insecure downloads

Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox.

Called mixed content download blocking, the feature works by blocking file downloads that are initiated from an encrypted HTTPS page but actually take place via an unencrypted HTTP channel.

The idea behind this feature is to prevent Firefox users from being misled by the URL bar into thinking they're downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.

Feature specifics:

- All HTTP files downloaded from an HTTPS page will be blocked with a message in the Firefox Download Center (CTRL+J).
- An option will be available to let users allow the download if they choose to.
- HTTP file downloads from HTTP pages will not be blocked.
- Directly accessed HTTP download links (copy-pasted in the Firefox address bar) will not be blocked.
- The feature is already live and activated in Firefox Beta, Developer, and Nightly editions.
- Based on current Firefox bug tracker entries, the feature is expected to be activated for all Firefox users in v92, scheduled for a formal release at the start of September 2021.
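
Site owners can apply the rules listed above to find links on their own HTTPS pages that the feature would block. The following Python is an added example, not code from Mozilla or The Record. The names `would_block` and `audit_page`, the extension list, and the sample markup are assumptions made for illustration, as is the heuristic of recognising a download by the `download` attribute or file extension.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: extensions this audit treats as "likely a file download".
DOWNLOAD_EXTS = (".exe", ".msi", ".dmg", ".zip", ".pdf", ".iso", ".apk")

def would_block(page_url, download_url, typed_in_address_bar=False):
    """Apply the listed rules to a single download."""
    if typed_in_address_bar:  # directly accessed links are not blocked
        return False
    return (urlsplit(page_url).scheme == "https"
            and urlsplit(download_url).scheme == "http")

class LinkCollector(HTMLParser):
    """Collect (href, has_download_attr) per <a>, plus the first <base href>."""
    def __init__(self):
        super().__init__()
        self.base, self.links = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        elif tag == "a" and a.get("href"):
            self.links.append((a["href"], "download" in a))

def audit_page(page_url, html):
    """Return absolute URLs of likely downloads that would be blocked."""
    parser = LinkCollector()
    parser.feed(html)
    base = urljoin(page_url, parser.base) if parser.base else page_url
    flagged = []
    for href, has_attr in parser.links:
        target = urljoin(base, href)  # resolves relative and //host links
        is_file = has_attr or urlsplit(target).path.lower().endswith(DOWNLOAD_EXTS)
        if is_file and would_block(page_url, target):
            flagged.append(target)
    return flagged

# Constructed sample markup, not taken from any real site.
SAMPLE = """<a href="http://cdn.example.com/setup.exe">Installer</a>
<a href="/files/manual.pdf">Manual</a>
<a href="//mirror.example.net/tool.zip" download>Mirror</a>
<a href="http://example.org/about.html">About</a>
<a href="http://legacy.example.com/report" download="r.csv">Report</a>"""

if __name__ == "__main__":
    for url in audit_page("https://www.example.com/downloads/", SAMPLE):
        print("would be blocked:", url)
```

Relative and protocol-relative links inherit the page's scheme, so on an HTTPS page only links that explicitly name `http://` (or resolve against an HTTP `<base href>`) are flagged.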

A similar feature has been present in Chrome and the vast majority of Chromium-based browsers since late 2020, having been rolled out in multiple stages from Chrome v81 to v88.

Firefox Stable users who’d like to test it right now can go to the about:config settings page and enable the following option:

dom.block_download_insecure          set to true

The post Firefox follows Chrome and prepares to block insecure downloads appeared first on The Record by Recorded Future.
