They check sites you visit against know malware sites.Firefox will verify the signature when you download an application file.The lists of sites are updated regularly.For files that are deemed not safe they are then sent to Googles safe browsing service to see if it is safe
Malware/Phishing protection is turned on by default in Firefox
The weird thing is the archive files are password protected. Firefox cannot detect them without extracting.
In my opinion, someone reported the Zippy link to Google Safebrowsing, so Firefox detected them
Firefox is more on website IP blocklist of malware and fraud but none applies if the file is on the process of downloading and exam them which defeats already the second defense. (Rely on AV realtime)