Connect with us

Hi, what are you looking for?

Reviews

Firefox Browser to Block Insecure Downloads by Default

Image Source: Pixabay

Mozilla’s Firefox browser is set to block the downloading of insecure files in mixed content environments.

Mixed content occurs when websites use a combination of secure (HTTPS) and insecure (HTTP) connections. For example, when you are on a secure site and initiate a download that comes from an insecure source, it creates a mixed content situation.

Downloading files via insecure connections can pose risks such as potential tampering of the files by third parties on the network.

The upcoming Firefox version, likely Firefox 92 scheduled for release on September 7, 2021, will automatically block insecure downloads originating from HTTPS sites. Instead of initiating the download, the browser will show a warning in the download panel indicating a security risk with a red exclamation mark icon.

Users will have the option to either allow the download after seeing the warning or remove the file altogether.

It’s important to note that the blocking is due to the insecure connection and not because the file contains malware. However, it’s still recommended to scan downloaded files using antivirus software or services like Virustotal to ensure they are safe.

Firefox 92 will include a preference setting that allows users to control this behavior. Users can disable the security feature by following these steps:

Advertisement. Scroll to continue reading.
AIAD
  • Enter about:config in the Firefox address bar.
  • Acknowledge the warning prompt.
  • Search for dom.block_download_insecure.
  • Toggle the value to
    • TRUE: to maintain the security feature.
    • FALSE: to deactivate the security feature.

Mozilla reports that nearly 98.5% of downloads in Firefox Nightly are done through HTTPS. This means that approximately 15 out of 1000 downloads may be blocked once the feature is implemented in the stable version of Firefox.

Google had introduced a similar blocking mechanism earlier in Chrome 86, where downloads from insecure sources were blocked if the webpage used HTTPS. Chrome notifies users in the download panel when a file cannot be downloaded due to its HTTP source, giving them the option to proceed with the download or cancel it, similar to how Firefox will handle such cases.

Final Thoughts

Default blocking of HTTP downloads originating from HTTPS pages will give users added security. However, users will have the flexibility to bypass this blocking and disable the security feature if needed.

Image Source: Pixabay

You May Also Like

Reviews

Microsoft has introduced a new non-subscription variant of Microsoft Office designed for both residential and business users. This offering is distinct from the subscription-centric...

Reviews

PayPal has reportedly revised its privacy policy to facilitate the sharing of user data with external parties. Users do have an option to opt-out...

Reviews

When Microsoft launched the AI tool Windows Recall earlier this year, they were hopeful about its reception. The core idea behind Recall was to...

Reviews

HP highlighted two primary features of Print AI. The first, known as Flawless Output, is aimed at removing unnecessary components before printing and improving...