Firefox Send has been temporarily suspended due to a security fix

| |

Mozilla is temporarily shutting down its Firefox Send file transfer service after it has recently become increasingly popular with malware distributors.

Mozilla began experimenting with Firefox Send in 2017, and a stable version of it was released in March last year. The organization is investigating potential abuses and including a reporting system to indicate if anyone wants to share malicious content.

. With the free service, you can transfer files up to 2.5 gigabytes, and you can set the number of days or downloads after which the links to the download are deleted, and the content can also be password-protected. File transfers are encrypted between endpoints, so Mozilla itself does not have access to their contents – so it's no wonder the service has caught the attention of malicious parties.

As ZDNet writes, Firefox Send has been used since the end of 2019 to target a variety of malware, from banking Trojans to ransomware to spyware. The procedure is the same in most cases, malicious software download links are hidden by attackers in seemingly innocent emails sent to the target

SYSADMINDAY's program is live!

It includes an IT-security meetup and the standup of Péter Janklovics.

The SYSADMINDAY program is live!
It includes an IT-security meetup and the standup of Péter Janklovics.

As security researcher Colin Hardy told the paper, Firefox Send may be particularly attractive to malware distributors because Firefox URLs used to transfer files are considered trusted by most organizations' systems by default, so emies used for attacks are not caught. on spam filters. In addition, criminal groups offer a virtually ready-made infrastructure for the service, without having to develop their own system – encryption also helps to hide malware, and automatic deletion of links makes subsequent investigations more difficult.

That's why security experts asked in a bug report last month. Mozilla, implement a reporting solution in the service to report similar abuses. Mozilla said in a statement to ZDNet that it agrees with the experts' concerns and will temporarily suspend the service while making the necessary fixes – deleting previously shared sharing links. On the one hand, the organization will implement the requested abuse reporting system, and will later only be able to send files by logging in with a registered Firefox account. It has not yet been announced when Firefox Send is expected to restart.

Previous

Fraunhofer's new codec halves the size of a 4K stream

MSI CEO – CountingNews has passed away

Next