Firefox 93 arrives with HTTP download blocking, new user privacy features
John Leyden October 06 2021 at 13:36 UTC
Updated: October 06, 2021 at 13:37 UTC
Roadblocks erected against unreliable content and unwanted ads
Mozilla has added a number of features that collectively enhance the security of its Firefox browser.
Potentially insecure HTTP downloads initiated from an HTTPS page will be blocked by default in Firefox 93, which began landing on users' desktops as a stable release yesterday (October 5).
Additionally, downloads initiated from sandboxed iframes will be blocked unless the iframe's sandbox attribute includes the ‘allow-downloads’ flag.
The measures are designed to protect against insecure downloads for users of the latest version of Firefox, as explained in a Mozilla blog post.
Firefox 93 also disables Triple DES by default, deprecating an outdated encryption algorithm.
Firefox 93 also introduces enhanced privacy protections with SmartBlock 3.0.
If private browsing and strict tracking protection are enabled, SmartBlock will block scripts, images and other third-party content from “intersite tracking companies reported by Disconnect”.
This is not an ad blocking technology per se, but rather an approach that blocks tracking technologies used by certain ad launchers, as explained in another Mozilla blog post.
The latest version of the open-source browser also features new referrer tracking protections: Firefox 93 will prevent websites from downgrading referrer policies for cross-site requests when Strict Tracking Protection and Private Browsing are enabled.
The browser will also trim the HTTP referrer for cross-site requests, regardless of website settings.
Gareth Hayes, browser technology security expert and security researcher at PortSwigger, the parent company of The Daily Swig, praised Mozilla’s browser security improvements.
“These are good changes, sandboxed iframes are often used to embed unreliable content – usually advertisements,” Hayes commented. “Preventing sandbox iframes from downloading files definitely improves security and prevents malicious ads from forcing a download on the user.”
The security researcher continued, “Blocking HTTP downloads is another great feature because someone on the same network could modify your download.”
Stricter referrer controls will also improve the privacy of Firefox users, according to Hayes, by bolstering features that debuted with Firefox 87.
Hayes explained, “Changing referrers is also good for security; any cross-site request in Firefox 93 will not send the full referrer. This means, for example, that when you search for something on a website and click on a link to another site, it cannot see the request you made on the other site while looking at the referrer.”
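The referrer trimming described above can be modelled in a short function, shown here as an added example that is not Mozilla's code or part of the original article. The names `effectiveReferrer` and `strictMode`, the sample URLs, and the set of policies treated as downgrades are assumptions, and cross-origin is used as a stand-in for cross-site.

```javascript
// Illustrative model, not Firefox source. Assumption: these are the policies
// treated as downgrades (more revealing than strict-origin-when-cross-origin).
const LAX_POLICIES = new Set([
  'unsafe-url', 'no-referrer-when-downgrade', 'origin-when-cross-origin',
]);

// Full URL minus credentials and fragment, per the Referrer Policy spec.
function stripUrl(u) {
  const c = new URL(u.href);
  c.username = '';
  c.password = '';
  c.hash = '';
  return c.href;
}

// Returns the Referer value sent from pageUrl to targetUrl, or null if none.
// strictMode models Strict tracking protection or Private Browsing.
// Simplifications: cross-origin stands in for cross-site, and a downgrade is
// any https -> non-https request.
function effectiveReferrer(pageUrl, targetUrl, sitePolicy, strictMode) {
  const from = new URL(pageUrl);
  const to = new URL(targetUrl);
  const crossOrigin = from.origin !== to.origin;
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  // An empty site policy falls back to the browser default.
  let policy = sitePolicy || 'strict-origin-when-cross-origin';
  if (strictMode && crossOrigin && LAX_POLICIES.has(policy)) {
    policy = 'strict-origin-when-cross-origin'; // site's downgrade is ignored
  }
  const full = stripUrl(from);
  const originOnly = from.origin + '/';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'origin': return originOnly;
    case 'strict-origin': return downgrade ? null : originOnly;
    case 'same-origin': return crossOrigin ? null : full;
    case 'origin-when-cross-origin': return crossOrigin ? originOnly : full;
    case 'strict-origin-when-cross-origin':
      if (!crossOrigin) return full;
      return downgrade ? null : originOnly;
    default: throw new Error('unknown referrer policy: ' + policy);
  }
}

// Constructed sample: a search results page linking to another site.
const SEARCH_PAGE = 'https://shop.example/search?q=private+query#results';
const OTHER_SITE = 'https://news.example/article';
console.log(effectiveReferrer(SEARCH_PAGE, OTHER_SITE, 'unsafe-url', true));
```

With `strictMode` set to `false`, the same call returns the full search URL including the query string, which is the leak the trimming removes.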
Released yesterday (October 5), Firefox 93 ships with several security fixes, including mitigations for a use-after-free bug in MessageTask, as well as several high-severity memory safety issues.