Open Bug 1146911 Opened 9 years ago Updated 1 year ago

Malicious files are successfully downloaded through a download area using SSL enabled protocol.


(Firefox :: Downloads Panel, defect)

38 Branch




(Reporter: VarCat, Unassigned)




(1 file)

FF 38
Build id: 20150323004010
OS: Win 7 x64, Ubuntu 14.04 x86, Mac Os X 10.7.5


1. Go to
2. Download from "Download area using the secure, SSL enabled protocol https" section (eg:

The file is successfully downloaded without being blocked.
Monica, do you know if the integrity check is bypassed for SSL downloads?
Flags: needinfo?(mmc)
No, it is not skipped for SSL downloads. Francois is asking Google to put that download on their blocklist. Note that Chrome seems to be showing the POTENTIALLY_UNWANTED warning which we don't yet implement, but could now that the quarantine is implemented (see
Flags: needinfo?(francois)
Also related is that we don't currently do remote metadata lookups for Mac and Linux:
True, seems like comment 0 tried it out on Windows though.
Flags: needinfo?(francois)
Depends on: 1019933
No longer depends on: 1019933
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.