Closed Bug 1189788 Opened 9 years ago Closed 6 years ago

Warning when downloading executable file over HTTP

Categories

(Firefox :: Downloads Panel, defect)

Product:
Firefox
Component:
Downloads Panel
Version:
38 Branch
Platform:
Unspecified
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1303739

People

(Reporter: eldmannen+mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150620063927

Steps to reproduce:

Went to some website and downloaded some potentially shade .exe (or .msi, .dmg, .rpm, .deb) file over HTTP or FTP.


Actual results:

It just let me download it without warning.


Expected results:

Firefox should have warned me or displayed a notice that I was downloading a executable binary over a non-secure source (HTTP instead of HTTPS).

Else the user could get infected by malware using a fake DNS attack, such as when on an open Wi-Fi network.
Also display a notice in the Firefox Developer Console so that the developer is informed and aware that the visitors of his website can get infected by malware when they download software from his website and that he should use HTTPS/FTPS instead of HTTP/FTP.
Severity: normal → major
QA Whiteboard: [bugday-20150727]
Component: Untriaged → Downloads Panel
OS: Unspecified → All
Forward duping given the same reporter and the fact that the other bug is being tracked better.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.