Firefox will provide protection against automatic download of malicious files

0
324

Firefox will provide protection against automatic download of malicious files

This October, Mozilla developers will add a new security feature to their Firefox browser that prevents automatic download and installation of malware from websites. Starting with Firefox 82, the browser will block all file downloads from a sandboxed iframe.

Firefox
Firefox

This type of attack is called “drive-by download” and has been used by cybercriminals for many years. With their help, malware is downloaded at the moment when the user visits a site on the pages of which a special code is placed. Malicious code placed on such sites initiates an automatic download or asks for permission, and if confirmed, malware is delivered to the victim’s PC. Depending on which browser function the attackers are using, these types of attacks can be different from each other.

The developers of popular browsers such as Chrome and Firefox have integrated various automatic file download protection tools into their products over the years. However, it turned out to be not so easy to provide complete protection, since developers cannot block legitimate web functions, and also because attackers regularly identify new vulnerabilities and use them in their attacks.  

The next step in this direction was blocking downloads, initiated by “isolated frames” (iframes), which are often used to load ads and widgets on different sites. Blocking loading from iframes first appeared in Chrome 73, which was released in March 2019. In May of this year, Google released Chrome 83, from which this feature was completely removed.