To browse web pages HTTP or HTTPS are set as default. Nowadays, the Web is making a move towards safer HTTP or HTTPS. There are still risks about safety concerning downloads from some web pages. It has become essential to make sure that not only the pages are secure, but the content or resources that come from them should also be made secure. Chrome has already taken steps to make it possible and now Mozilla is following Chrome. Firefox will block insecure downloads from HTTPS pages.
The popularity of HTTPS had brought people to a visible confusion as they mistake the downloads to be safe just because the page is safe. The truth is that when notified that the page is safe, it is actually the connection to the page that is safe due to the encryption. The content on the page can still be manipulated by hackers, to attack the users.
When something is downloaded the risk becomes even greater. The “mixed content downloads” from the HTTPS pages can actually make the device more prone to attacks. The users are warned of visiting non-HTTPS web pages. But they are never warned of the risk of downloading from unsecured connections.
Mozilla will make changes to Firefox, starting from Firefox 92 that will come out on the 7th of September. Users will be blocked and warned about attempting to download something from HTTP while on an HTTPS page. Users can still ignore the warning and continue with the download at their own risk.
XDA points out that it will only “affect HTTP downloads on HTTPS pages.” On HTTP pages, users will not receive this warning.
