Mozilla plans to introduce a new security feature in Firefox 82 that prevents the automatic downloading of files under certain circumstances.
The feature will block downloads that are initiated by sandboxed iframes, a technology that is used by sites and services to load embedded content such as advertisement or media on third-party sites.
The sandbox attribute of an iframe adds an extra set of restrictions to the content hosted by the iframe. Developers may specify certain allow parameters to allow actions such as popups or forms.
It is uncommon for sites to use sandboxed iframes to initiate downloads but most browsers don't block these downloads at the time. Google introduced the protection in Chrome 83 which it released in May 2020. Since Chrome is based on Chromium, most Chromium-based browsers have the protection implemented already or will have it in the near future. The company introduced support for Secure DNS in the same browser version.
From Firefox 82 on, automatic downloads that originate from sandboxed iframes will be blocked in the Firefox browser. Developers may specify the "allow-download" parameter to allow these downloads.
Depending on the configuration, downloads may be saved automatically to the system's downloads folder. Firefox may be configured to display a "save to" prompt whenever downloads are initiated in the browser; this prompt provides a layer of protection against unwanted downloads as it is possible to hit the cancel button to stop the download before it reaches the user system.
Just load about:preferences#general in the Firefox address bar, scroll down to the downloads section on the page that opens, and make sure that the setting is set to "Always ask you where to save files". The setting may be less convenient, as you will get a prompt each time you download a file in the browser, but it is better when it comes to security.
Firefox 82 will be released on October 20, 2020 according to the release schedule. The next stable version is Firefox 81; it will be released in September 2020.
You can check out the bug on Mozilla's bug tracking website for additional information.
Now You: is your browser configured to accept downloads automatically?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.