Firefox gains Chrome-like malicious file defences

Mozilla has implemented Google’s application reputation feature in Firefox, bringing its browser closer to Chrome’s capacity to detect and block malware on the Web.

The new service builds on Firefox’s use of Google’s Safe Browsing product, which has since Firefox 2 notified users when they visit phishing or malware websites. While it provided protection against harmful sites, Firefox lacked a way to block files that those sites might attempt to install through the browser.

Mozilla noted on its security blog that Google enabled file-checking in Chrome and offered its SafeBrowsing API to Firefox and Safari in 2012, but until recently Mozilla only had access to lists of reported malicious websites.

The beginnings of Mozilla’s new anti-malware feature have shown up in Firefox 31, which was released last week. The browser compares downloaded files against lists of known bad files and blocks them if they match. It also checks whether a binary is signed and whether it matches a list of known good publishers.

At the moment, Firefox has no way of dealing with files that fall outside its local block and allow lists, however this will change in Firefox 32 and onwards, at least for Windows. In Firefox 32 on Windows, when files don’t have a known good publisher the browser will query Google’s Safe Browsing API with “download metadata” that’s similar to what Chrome uses in its check.

In Chrome, this metadata includes:

- the target URL from which the file was downloaded, its referrer URL and any URLs in the redirect chain.
- The SHA-256 hash of the contents of the file.
- Any certificate verification information obtained through the Windows Authenticode APIs.
- The length of the file in bytes.
- The suggested filename for the download.

Firefox is however missing some of Chrome's download metadata such as the “redirect” chain and whether or not the user initiated the download.

According to Mozilla, it explains why Firefox is still behind Chrome in blocking malware, despite the significant improvements on malware detection in Firefox before version 31. Details of Mozilla’s preliminary application reputation feature tests can be found here.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags GoogleFirefoxchrome

More about Australian Pharmaceutical IndustriesGoogleMozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts