Attackers have any number of methods for getting their malware onto users’ machines, but one of the easier and more effective ones is through drive-by downloads. Browser vendors have been adding defenses to mitigate this threat for some time, and the newest version of Mozilla Firefox includes an improved defense against malware downloaded through the browser, which could prevent many kinds of infections.
The new defense comes in the form of improved malware detection in the browser. When a user downloads a file from the Internet, Firefox looks at the URL and compares it against a list of known malicious URLs from the Google Safe Browsing API. It then takes some other actions before making a decision about the file.
“Until recently, we only had access to lists of reported malicious web sites, now the Safe Browsing service monitors malicious downloaded files too. The latest version of Firefox (as of July 22) will protect you from more malware by comparing files you download against these lists of malicious files, and blocking them from infecting your system,” Sid Stamm of Mozilla wrote in a blog post.
The company is planning to improve on this method even further in the next version of Firefox, which is due in September.
“When you download an application file, Firefox will verify the signature. If it is signed, Firefox then compares the signature with a list of known safe publishers. For files that are not identified by the lists as ‘safe’ (allowed) or as ‘malware’ (blocked), Firefox asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata. Note this online check will only be performed in Firefox on Windows for those downloaded files that don’t have a known good publisher. Most of the common and safe software for Windows is signed and so this final check won’t always need to happen,” Stamm said.
Mozilla released Firefox 31 on Wednesday, and along with the improved malware protection, the new version also includes patches for 11 security vulnerabilities.