News

Firefox 93 blocks downloads via http and iframe by default

By admin
Spread the love

Firefox will now block downloads via http on https websites in version 93 by default. Downloads from sandboxed iframes are also blocked unless the iframe contains an attribute that allows downloads.

The moment Firefox 93 detects a download via http, a prompt will appear that allows the user to choose to download the file to be downloaded or cancel the process. This notification informs you that an insecure http connection has been detected and a ‘potential security risk’ exists.

“Using an insecure http connection, a hacker can modify or even replace downloadable files with malicious files,” it says on the Mozilla blog. “This can infect an entire system.”

Downloading files via sandboxed iframes is also blocked in version 93. These iframes often serve to embed third-party content on a website, but are also used to perform drive-by downloads, according to Mozilla. These types of downloads download unsolicited files to a user’s computer, often without requiring any interaction. That is disabled by default unless the specific iframe contains an attribute in its code that allows downloads.

Firefox 93 is rolling out to all users starting today.

Notification in Firefox version 93 on http download

You might also like
News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Reddit removes chat messages from before January 1, 2023 during migration

News

PC version Ratchet & Clank: Rift Apart required by DirectStorage 1.2 no SSD

News

Firefox beta has support for Nvidia video upscaling technique