Firefox will block insecure downloads on HTTPS pages

By Ewdison Then
SlashGear
SlashGear
 9 days ago
https://img.particlenews.com/image.php?url=321VNq_0bb5IwDx00

Slowly but surely, the Web has mostly moved to use secure HTTP or HTTPS as the default for browsing web pages. There are still a few exceptions, however, especially when talking about content that is downloaded via those supposedly secure web pages. It’s no longer enough just to mark web pages as “secure” but also the resources that come from them. Starting next month, Mozilla will follow in Chrome’s footsteps and will make Firefox block downloads on HTTPS pages that come from unsecured HTTP content.

The aggressive push to bring HTTPS to the forefront may have one unfortunate side-effect. Most people might mistake security for safety, presuming that everything on an HTTPS web page is safe. Technically speaking, HTTPS only guarantees that the connection to the page is secured through encryption, but the content on or from the page can still be fair game for hackers.

The danger is even greater when it comes to downloaded content that doesn’t come from the same HTTPS page. Dubbed as “mixed content downloads,” this brings the risk of HTTPS web pages creating an unsecured connection to an HTTP resource, negating the benefits of that secured web page. Web browsers today normally warn users about visiting non-HTTPS web pages but not about downloading from unsecured connections.

Google started making changes to Chrome earlier last year, and Mozilla will be following suit. Starting with Firefox 92, due on September 7th, the web browser will block and warn users when they are trying to download something via HTTP when they are on an HTTPS page. Of course, it isn’t a hard block, and users can still choose to go through with the download at their own risk.

https://img.particlenews.com/image.php?url=0eMv1k_0bb5IwDx00

As XDA points out, this new behavior only affects HTTP downloads on HTTPS pages. HTTP download on regular HTTP pages won’t trigger the warning. Additionally, pasting an HTTP download link directly in Firefox will also let it go through as normal.

SlashGear is a blog dedicated to highlighting the latest and greatest in technology and automotive.

 https://www.slashgear.com
#Firefox#Web Pages#Web Browser#Downloads
The National Cyber ​​Security Guidance Center has warned of high-risk vulnerabilities in the Google Chrome browser. The center of the Saudi National Cybersecurity Authority explained in a tweet via its Twitter account that Google has issued an update to address a number of serious vulnerabilities in its Chrome browser, in the desktop version of devices that work with systems (Windows, Mac and Linux ) which can pose a threat, as it allows hackers to exploit it to plant malware on targeted devices.

