Firefox Will Add A New Drive-by-download Protection

firefox.png
Image: Mozilla

Mozilla will add a new security feature to Firefox in October that will make it harder for malicious web pages to initiate automatic downloads and plant malware-laced files on a user's computer.

Called a drive-by download, this type of attack has been around for two decades and usually takes place when users visit a website that contains malicious code placed there by an attacker.

The role of the malicious code is to abuse legitimate features in browsers and web standards to initiate an automatic file download or download prompt, in the hopes of tricking the user into running a malicious file.

There are multiple forms of drive-by downloads, depending on the browser feature attackers decide to use.

Browsers like ChromeFirefox, and Internet Explorer have, across the years, gradually deployed various forms of protections against automatic drive-by downloads, but 100% protection can't be fully achieved because browser makers can't fully block legitimate web features and also because of the shifting landscape of web attacks, with attackers always finding a new hole to poke at.

The latest round of protections that browser makers have decided to ship against drive-by downloads targets a technology called "sandboxed iframes," which is often used to load ads and embeddable widgets (videos, music tracks, podcasts) on third-party sites.

The idea is that websites rarely initiate downloads via sandboxed iframes since most of these widgets are usually used to embed content.

Chrome was first to block downloads initiated from "sandboxed iframes" with the release of Chrome 73, in March 2019, and the option was removed completely in Chrome 83, in May 2020.

This week, Firefox announced similar plans. Starting with Firefox 82, scheduled for release next month, in October 2020, Firefox will block all file downloads that originate from a sandboxed iframe.

The only situations were downloads will be honored is if the website owner or the web widget provider has an "allow-download" flag on the iframe; however, most don't since this is a security risk and a reason why they use sandboxed iframes in the first, rather than classic iframes.

Browsers are complex piles of code, and this is a small update in the grand scheme of things, but this is usually how you build a secure product, reacting to threats as they come, and making tiny adjustments here and there, over time.

A similar feature was proposed to the Safari WebKit team, but no plans have been laid out yet for its implementation.

RECENT NEWS

Reassessing AI Investments: What The Correction In US Megacap Tech Stocks Signals

The recent correction in US megacap tech stocks, including giants like Nvidia, Tesla, Meta, and Alphabet, has sent rippl... Read more

AI Hype Meets Reality: Assessing The Impact Of Stock Declines On Future Tech Investments

Recent declines in the stock prices of major tech companies such as Nvidia, Tesla, Meta, and Alphabet have highlighted a... Read more

Technology Sector Fuels U.S. Economic Growth In Q2

The technology sector played a pivotal role in accelerating America's economic growth in the second quarter of 2024.The ... Read more

Tech Start-Ups Advised To Guard Against Foreign Investment Risks

The US National Counterintelligence and Security Center (NCSC) has advised American tech start-ups to be wary of foreign... Read more

Global IT Outage Threatens To Cost Insurers Billions

Largest disruption since 2017’s NotPetya malware attack highlights vulnerabilities.A recent global IT outage has cause... Read more

Global IT Outage Disrupts Airlines, Financial Services, And Media Groups

On Friday morning, a major IT outage caused widespread disruption across various sectors, including airlines, financial ... Read more