Firefox 92 bolsters Security by blocking Insecure Downloads

Leave a Comment

Recently released Firefox 91 has enabled HTTPS-only mode in Private browsing mode. With the next Firefox version 92, Firefox may improve security even further by blocking mixed insecure downloads.

Thanks to Google Safe Browsing, Firefox already blocks dangerous, potentially unwanted, and uncommon downloads.

Mozilla is now expanding the download protections in the Firefox browser even further by detecting and denying to download files over insecure connections from HTTPS sites by showing an error in the download panel:

Firefox says the file uses insecure connection
Firefox 92 blocked a file download citing it uses an insecure connection

File not downloaded. Potential security risk” the error reads.

File not downloaded potential security risk

Firefox explains the error details when the user clicks on it like below:

The file uses an insecure connection. It may be corrupted or tampered with during the download process. You can search for an alternate download source or try again later

The user can get the file at his own risk by clicking “Allow download”.

Firefox download panel even offers the option to remove it from the device for your security.

Most of the websites now use HTTPS over HTTP but still, an HTTPS page may offer content over HTTP, which is called Mixed content.

Most of the browsers including Firefox warn when it detects mixed content.

Till sometime, Mozilla has put Mixed content download blocking limited to Nightly only, recently, the company enabled the feature in Beta 92 and it may be shipped with the release.

Firefox dev claims according to their telemetry, the security feature blocks 1.5% of downloads.

Enable or disable insecure download Protection in Firefox 92

  1. Visit about:config
  2. Click on “Accept the Risk and continue”
  3. Type “insecure” in the search box,
  4. While the list is populated, find and change dom.block_download_insecure pref value to true
  5. Toggle the pref value to false to prevent or stop Firefox from blocking insecure downloads.

But doing the above is not recommended for your security.

What’s your take on this? Let us know in the comments below.

More on Firefox:

‘Firefox Suggest’: Mozilla tests Sponsored Search Suggestions

Mozilla’s UA String experiment to check if Firefox version 100 breaks websites

You can now use Firefox to Autofill other Apps on Android

Firefox 91 Supports opening downloads automatically, like Chrome

Venkat Eswarlu
Venkat Eswarlu

Venkat is an independent technology journalist and the founder of Techdows. He has been covering web browsers, Windows, and software news since 2009. His exclusive scoops on Chrome, Firefox, and Edge features have been cited by Forbes, TechCrunch, Wired, CNET, and other major publications.

Leave a Reply

Your email address will not be published. Required fields are marked *