Firefox will add a new drive-by-download protection

[silversurfer]

Mozilla will add a new security feature to Firefox in October that will make it harder for malicious web pages to initiate automatic downloads and plant malware-laced files on a user's computer.

Called a drive-by download, this type of attack has been around for two decades and usually takes place when users visit a website that contains malicious code placed there by an attacker. The role of the malicious code is to abuse legitimate features in browsers and web standards to initiate an automatic file download or download prompt, in the hopes of tricking the user into running a malicious file.

This week, Firefox announced similar plans. Starting with Firefox 82, scheduled for release next month, in October 2020, Firefox will block all file downloads that originate from a sandboxed iframe. The only situations were downloads will be honored is if the website owner or the web widget provider has an "allow-download" flag on the iframe; however, most don't since this is a security risk and a reason why they use sandboxed iframes in the first, rather than classic iframes.

Firefox will add a new drive-by-download protection

Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds.

www.zdnet.com

 

[JB007]

Thanks @silversurfer for this report.
Is this new feature enough to give sufficient protection against drive-by-download ?

 

[koloveli]

Firefox have function for acess only sites https(SSL), see...



this already protect much...