Firefox blocks all GitHub release downloads as deceptive

Martin Brinkmann
Jul 25, 2017
Updated • Jul 27, 2017

If you are using the Mozilla Firefox web browser right now to download releases hosted on the project hosting website Github, you will notice that you cannot do so directly anymore.

For instance, if you try to download the latest Atom editor builds, you get the warning message.

The browser displays a "deceptive site!" warning when you click on a download link and states that site the downloads are hosted on has been reported and blocked.

Update: The issue has been resolved.

Downloads on GitHub are powered by Amazon AWS.

This web page at "site url" has been reported as a deceptive site and has been blocked based on your security preferences.

Deceptive sites are designed to trick you into doing something dangerous, like installing software, or revealing personal information, like passwords, phone numbers or credit cards.

Entering any information on this web page may result in identity theft or other fraud.

deceptive site github

I tested this using Firefox Stable and Firefox Nightly, and both browsers showed the "deceptive site" intermediary page for most -- but not all -- GitHub release downloads that I tried to download.

Source file downloads don't seem to be affected, but any other download, be it for Windows, Linux or Mac, appears to the flagged by the Firefox browser currently.

While it is theoretically possible that the whole of GitHub has been compromised, it seems highly unlikely. Firefox users may bypass the warning to continue with the download.

  1. When you get the "Deceptive Site" warning in Firefox, click on the "ignore this warning" link displayed in the bottom right corner of the warning page.
  2. This bypasses the warning page and starts the download of the selected file.

I tried the downloads in other browsers, thinking that it may be a problem with Google's Safe Browsing security feature. Chrome downloads these release files just fine however which means it is probably not, unless Mozilla uses a different version than Google does.

Closing Words

This is a misconfiguration most likely, and something that will probably be resolved quickly by Mozilla. It is interesting to note that this affects Mozilla's repositories on GitHub as well.

Firefox blocks all GitHub release downloads as deceptive
Article Name
Firefox blocks all GitHub release downloads as deceptive
The Firefox web browser blocks all GitHub release downloads right now by marking the download site as deceptive and displaying a warning page.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Guest703 said on July 27, 2017 at 8:05 pm

    Martin, any chance you could do an article on this topic?

  2. Omar said on July 26, 2017 at 10:27 pm

    I tried to download from mentioned site ( firefox browser ) and was no problem .

  3. Curtis K said on July 26, 2017 at 9:45 pm
  4. Mystique said on July 26, 2017 at 4:44 pm

    Pale Moon Browser also shares the same defect. It has been happening for a few days now (possibly a week)


    Secure Connection Failed

    An error occurred during a connection to

    The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden.

    (Error code: mozilla_pkix_error_key_pinning_failure)


    Disabling HPKP resolves the issue but do so at your own discretion.

    Options > Security > Enable Certificate Key Pinning (HPKP)

  5. alison said on July 26, 2017 at 5:49 am

    WaterFox doesn’t have this; and it’s a superfast browser too.

  6. Anonymous said on July 26, 2017 at 4:27 am

    uMatrix says it is a script from I blocked it, no “problem prevented this page from loading” anymore.

  7. Richard Steven Hack said on July 26, 2017 at 3:30 am

    Well, today I couldn’t access this GHacks page in Firefox. I kept getting a “problem prevented this page from loading” message, I think from AdBlock.

    When I “temporarily enable all this page”, the page finally loaded. Don’t know which server or script was the problem.

  8. CHEF-KOCH said on July 26, 2017 at 12:07 am

    I recently had similar popup banner on ghacks, after 1 day or so it went away. Maybe just False/positive on adblocker. Fun thing I disabled adblock for ghacks.

  9. Troy said on July 25, 2017 at 5:18 pm

    Seems to be working for me using Firefox 54 default settings. was able to download the Atom Editor without any bannor

  10. dmacleo said on July 25, 2017 at 5:12 pm

    aws issue I bet

  11. CHEF-KOCH said on July 25, 2017 at 4:52 pm

    Useless to block most popular sites anyway. Makes no sense. GitHub is especially designed to share files and knowledge.

  12. Anonymous said on July 25, 2017 at 4:46 pm

    All downloads on Github are already blocked by NoScript on my side anyway:
    “NoScript filtered a potential cross-site scripting (XSS) attempt”…

    1. Anonymous said on July 28, 2017 at 9:32 am

      Still me: v [XSS] Fixed bug causing false positives (thanks Georg Koppen for reporting).

  13. Richard Allen said on July 25, 2017 at 3:19 pm

    Firefox v54 and Nightly are both downloading from github without issue on my end. I don’t use any of the options under “Phishing Protection”. Don’t use Google’s version of safebrowsing either. I’ve never been convinced it was worth the bandwidth, for me. But then I’ve been known to enable it for others though. ;)

  14. insanelyapple said on July 25, 2017 at 3:06 pm

    The only problem I have with github recently is that damn banner “Join github today” that seems to be prone to remember that I’m not interested when I click “dismiss”.

    And the problem you’re talking about may be related to safe browsing/pishing protection component – I have turned these lists off and I see no problem with accessing page.

    1. Heimen Stoffels said on July 25, 2017 at 4:36 pm

      If you’re using uBlock (or something similar like AdGuard), you can simply block the banner by right-clicking it and selecting Block Element.

  15. TelV said on July 25, 2017 at 2:20 pm

    Doesn’t seem to be a problem at which loads normally.

    1. Martin Brinkmann said on July 25, 2017 at 2:25 pm

      This has no releases. This affects only the releases.

      1. HK-Rapper said on July 25, 2017 at 9:57 pm

        I’m not upset and I enjoy Martin’s site a lot. The thing is, this is a “Google Safe Browsing” message.

        So it would have happened on all the browsers I’ve mentioned above, not just FF. For journalistic completeness this should have been tested with more browsers and GSB on/off, a different headline reflecting on it.

        Occasionally people report safe websites to GSB in order to grief. Whatever caused the site being flagged as bad surely is gone. I never noticed it because I don’t trust google. The wiki article sheds light on the privacy issues with GSB.

      2. Martin Brinkmann said on July 26, 2017 at 6:52 am

        I tested this in Chrome and it did not happen. It only happened in Firefox. If it would have happened in all browsers that use Safe Browsing, I’d use a title that reflects that, but it only happened in Firefox.

      3. ams said on July 25, 2017 at 8:26 pm

        I can’t understand why HK-Rapper seems upset. Has the article title already been edited, prior to my reading?

        I’m saying: Martin, thanks for the article. Whatever the cause of the problem ~~ mismatched certificate, cross-site scripting, fumbled http header redirects… firefox’s handling of the situation is non-ideal. Upon encountering such a block page, I’m unsure what a user SHOULD choose to do: proceed? exit? clear browser cache and retry? restart bind9 service? attempt reaching “github” via a proxy? wait, and try again later in the day? toggle off (or on) SafeNanny and try again?

      4. Martin Brinkmann said on July 25, 2017 at 9:20 pm

        No it has not been edited.

      5. HK-Rapper said on July 25, 2017 at 5:29 pm

        >quote: “may be a problem with Google’s Safe Browsing”

        Correct! Why the deceptive headline then if you even realize this in the foot note? I’m no Mozilla apologetic like Sören, but Firefox and Mozilla are innocent this time.

        You are better than using such article names. Rather tell your visitors why any sane and privacy concerned person disables “Google Crap Browsing” in settings:

        >Google Chrome, Safari, Firefox, Opera, and Vivaldi web browsers use the lists
        >Safe Browsing also stores a mandatory preferences cookie on the computer[10] which the US National
        >Security Agency allegedly uses to identify individual computers for purposes of exploitation.[11]

      6. TelV said on July 25, 2017 at 3:54 pm

        I can access the site via your link to download the latest Atom builds though. Copy to the latest one is:

        Of course it’s possible that they fixed whatever was causing the problem before.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.