Firefox gains Chrome-like malicious file defences
- 28 July, 2014 08:27
Mozilla has implemented Google’s application reputation feature in Firefox, bringing its browser closer to Chrome’s capacity to detect and block malware on the Web.
The new service builds on Firefox’s use of Google’s Safe Browsing product, which has since Firefox 2 notified users when they visit phishing or malware websites. While it provided protection against harmful sites, Firefox lacked a way to block files that those sites might attempt to install through the browser.
Mozilla noted on its security blog that Google enabled file-checking in Chrome and offered its SafeBrowsing API to Firefox and Safari in 2012, but until recently Mozilla only had access to lists of reported malicious websites.
The beginnings of Mozilla’s new anti-malware feature have shown up in Firefox 31, which was released last week. The browser compares downloaded files against lists of known bad files and blocks them if they match. It also checks whether a binary is signed and whether it matches a list of known good publishers.
At the moment, Firefox has no way of dealing with files that fall outside its local block and allow lists, however this will change in Firefox 32 and onwards, at least for Windows. In Firefox 32 on Windows, when files don’t have a known good publisher the browser will query Google’s Safe Browsing API with “download metadata” that’s similar to what Chrome uses in its check.
In Chrome, this metadata includes:
- the target URL from which the file was downloaded, its referrer URL and any URLs in the redirect chain.
- The SHA-256 hash of the contents of the file.
- Any certificate verification information obtained through the Windows Authenticode APIs.
- The length of the file in bytes.
- The suggested filename for the download.
Firefox is however missing some of Chrome's download metadata such as the “redirect” chain and whether or not the user initiated the download.
According to Mozilla, it explains why Firefox is still behind Chrome in blocking malware, despite the significant improvements on malware detection in Firefox before version 31. Details of Mozilla’s preliminary application reputation feature tests can be found here.