Warning when downloading executable file over HTTP

UNCONFIRMED
Unassigned

Status

()

Firefox
Downloads Panel
--
major
UNCONFIRMED
2 years ago
2 years ago

People

(Reporter: Eldmannen, Unassigned)

Tracking

38 Branch
Unspecified
All
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150620063927

Steps to reproduce:

Went to some website and downloaded some potentially shade .exe (or .msi, .dmg, .rpm, .deb) file over HTTP or FTP.


Actual results:

It just let me download it without warning.


Expected results:

Firefox should have warned me or displayed a notice that I was downloading a executable binary over a non-secure source (HTTP instead of HTTPS).

Else the user could get infected by malware using a fake DNS attack, such as when on an open Wi-Fi network.
(Reporter)

Comment 1

2 years ago
Also display a notice in the Firefox Developer Console so that the developer is informed and aware that the visitors of his website can get infected by malware when they download software from his website and that he should use HTTPS/FTPS instead of HTTP/FTP.

Updated

2 years ago
Severity: normal → major
QA Whiteboard: [bugday-20150727]
Component: Untriaged → Downloads Panel
OS: Unspecified → All
You need to log in before you can comment on or make changes to this bug.