Mozilla Firefox to No Longer Allow Insecure Downloads
source link: https://news.softpedia.com/news/mozilla-firefox-to-no-longer-allow-insecure-downloads-533767.shtml
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Firefox 92 expected to block insecure downloads by default
Mozilla is getting ready to introduce another significant change for Firefox users, as the company wants the browser to block insecure downloads by default.
The change is likely to happen in Firefox 92, and as reported by TechDows, it’s specifically aimed at mixed content environments.
In other words, Mozilla wants Firefox to prevent downloads that aren’t served from an HTTPS link, as there’s a chance users could end up getting a craft file that could pose a threat to their computers.
A mixed content environment uses both HTTPS and HTTP links, but more often than not, the downloads are served through HTTP. This means that while the connection itself is considered to be secured, the download is directed through an HTTP server, therefore leaving users vulnerable to potential exploits.
Firefox 92 will introduce a new default behavior, therefore blocking downloads that are served from HTTP. At this point, the Nightly builds of Firefox do allow users to turn off this setting, but most likely, Firefox plans to enforce this policy at some point in the future.
Firefox 92 is projected to land on September 7.
You can still skip the block
Needless to say, Mozilla wants the implementation to be as straightforward as possible, so when a download served via HTTP is blocked, you should see a warning displayed in the download panel, along with a message to provide additional information on what exactly happened.
“File not downloaded: Potential security risk. The file uses an insecure connection. It may be corrupted or tampered with during the download process. You can search for an alternative download source or try again later,” the message displayed after the download is blocked reads.
Users, however, will have the option to remove the file but to also allow the download should they trust the connection and therefore skip the block.
Recommend
-
21
Google Chrome will soon block insecure downloads on HTTPS pagesGoogle recently rolled out the Chrome 80 stable update to Android and de...
-
8
How Firefox's HTTPS-only mode solves the first insecure request problem A change in the browser's default behavior gives a good solution to a tough problem
-
10
Mozilla Firefox is no longer accepting crypto donation following recent community backlash By Manuel Vonau Published 3 days ago ...
-
10
Mozilla releases Firefox 98 with automatic downloads ...
-
56
Meta will no longer allow the sharing of ‘publicly available’ private home addresses Removing an exception used by doxxers By...
-
7
-
6
Netflix's Upcoming Ad-Supported Tier Won't Allow Downloads for Offline Viewing ...
-
5
Twitter says it will no longer allow 'free promotion' of other social media platformsKey Points
-
15
X servers no longer allow byte-swapped clients In the beginning, there was the egg. Then fictional people started eating that from different ends, and...
-
5
Hutterer: X servers no longer allow byte-swapped clients [Posted January 6, 2023 by corbet] Peter Hutterer
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK