Security News > 2020 > July > Mozilla turns off “Firefox Send” following malware abuse reports

Mozilla turns off “Firefox Send” following malware abuse reports
2020-07-08 14:16

You upload the file to a file sharing site, optionally setting various options that describe which other users can see it, and for how long, and then send the recipient an email that contains a download link where they can fetch the file at their leisure.

Which is why we are occasional but enthusiastic users of Firefox Send, a free service from Mozilla that aims to let you share large files easily, but without the worry of what gets left behind and forgotten about.

When you upload a file to send DOT firefox DOT com, it gets encrypted in your browser before any data is send into the cloud; the decryption key is encoded into the URL for downloading the file; and the link thus generated is valid for one download or 24 hours, whichever comes first.

The problem is that in the case of the crooks, they're typically using Firefox Send for what you might call "Data infiltration" - a way of importing malware files or attack tools onto a network they've already broken into without drawing undue attention to themselves.

Until now, you could use Firefox Send without creating a Firefox account, although that limited your links to at most 24 hours, but it looks as though the days of free-in-all-senses use of Firefox Send are over.


News URL

https://nakedsecurity.sophos.com/2020/07/08/mozilla-turns-off-firefox-send-following-malware-abuse-reports/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mozilla 29 13 629 582 266 1490