Connect with us

Hi, what are you looking for?


Firefox Browser to Block Insecure Downloads by Default

Image Source: Pixabay

Mozilla’s Firefox browser is set to block the downloading of insecure files in mixed content environments.

Mixed content occurs when websites use a combination of secure (HTTPS) and insecure (HTTP) connections. For example, when you are on a secure site and initiate a download that comes from an insecure source, it creates a mixed content situation.

Downloading files via insecure connections can pose risks such as potential tampering of the files by third parties on the network.

The upcoming Firefox version, likely Firefox 92 scheduled for release on September 7, 2021, will automatically block insecure downloads originating from HTTPS sites. Instead of initiating the download, the browser will show a warning in the download panel indicating a security risk with a red exclamation mark icon.

Users will have the option to either allow the download after seeing the warning or remove the file altogether.

It’s important to note that the blocking is due to the insecure connection and not because the file contains malware. However, it’s still recommended to scan downloaded files using antivirus software or services like Virustotal to ensure they are safe.

Firefox 92 will include a preference setting that allows users to control this behavior. Users can disable the security feature by following these steps:

Advertisement. Scroll to continue reading.
  • Enter about:config in the Firefox address bar.
  • Acknowledge the warning prompt.
  • Search for dom.block_download_insecure.
  • Toggle the value to
    • TRUE: to maintain the security feature.
    • FALSE: to deactivate the security feature.

Mozilla reports that nearly 98.5% of downloads in Firefox Nightly are done through HTTPS. This means that approximately 15 out of 1000 downloads may be blocked once the feature is implemented in the stable version of Firefox.

Google had introduced a similar blocking mechanism earlier in Chrome 86, where downloads from insecure sources were blocked if the webpage used HTTPS. Chrome notifies users in the download panel when a file cannot be downloaded due to its HTTP source, giving them the option to proceed with the download or cancel it, similar to how Firefox will handle such cases.

Final Thoughts

Default blocking of HTTP downloads originating from HTTPS pages will give users added security. However, users will have the flexibility to bypass this blocking and disable the security feature if needed.

Image Source: Pixabay

You May Also Like


Google takes search to the next level by incorporating an artificial intelligence enhancement. They’ve revealed AI Summaries, which adds an AI-powered synopsis atop the...


At a special event at the Microsoft Campus, Microsoft introduced Copilot+ PCs as the latest Windows PCs integrated with AI capabilities. Much of the...


Extensions are add-ons that provide extra functionalities to web browsers, but they can sometimes impact the performance negatively. A recent study focusing on the...


There was a mixed response when Netflix revealed its plan to introduce ads on its platform. Towards the end of 2022, the streaming service...