Safety alarm when downloading the firmwares

I was going to update the x86/64 firmware and was downloading the images of 24.10.5 from openwrt.org, but I received a safety alarm from my Firefox 140.6.0esr. I am not sure whether it is an issue with OpenWrt or Firefox; just reporting.

If anyone could check or clarify, please. Thanks!!

Going by the warning description, this is a quite overzealous metric for considering a file potentially dangerous - and that's taking it lightly (meeting quite some signs of scareware).

2 Likes

This is a pretty standard metric in the major browsers on Windows (Chrome, Edge, and Firefox). I don't recall it being enabled by default on Firefox, though (it is for Edge).

I've never seen it in FF, and I've been using it for ages.

1 Like

OpenWrt does not run that classification. Why don't you ask Mozilla who does?

1 Like

They quietly added it:

Security

Deceptive Content and Dangerous Software Protection

Block dangerous and deceptive content
Block dangerous downloads
**Warn you about unwanted and uncommon software**

4 Likes

Boy cries wolf, chihuahua found at the scene.

Those are just irresponsible scareware tactics.

2 Likes

This file is not commonly downloaded.

So? I'd imagine this describes a vast majority of files downloaded from the Internet. We even have a term to describe this:

Besides, download popularity is a terrible heuristic for malware warnings in any case and really should be ignored. One needs to look no further than the apps on places like Google Play to know that download popularity does not correlate to safety or security in the slightest.

Which doesn't change the fact that for many users these are the defaults and they won't know any better, and will avoid being early to adopt a recent release of e.g. OpenWrt. What one thinks or not of it is irrelevant, unless you care enough to try to instigate change in the browsers most people use. Being aware and prepared to answer, in a sober and reasoned fashion, without pejoratives or derogatory comments, would be far more helpful to a newbie.

Sounding off, of course, takes less work, and perhaps gives some a sense of satisfaction and such like.

I don't have a prepared answer for this myself, because even though I use Firefox, I have not had that warning come up, to remind me to consider such. In short, never needed an answer for this, before.

You made an informed choice about using a flaky file reputation source.
Be it its way, no new file will ever be able to appear on the internet.

1 Like

I just have a problem with 'easy solutions' that are worse than the problem they're claiming to fix. And I do suggest everyone read the warning - to think and re-evaluate what kind of a bull.... metric this claimed threat actually is.

Case in point, what about https://ftp.mozilla.org/pub/firebird/releases/0.7/MozillaFirebird-source-0.7.tar.gz I remember having downloaded and compiled that on SunOS 5.6 an eternity ago, I surely hope that Mozilla Corp. is correctly warning against such a "not commonly downloaded" file as well…

There's nothing I can do to help here, except educating the users and helping them to think for themselves and evaluate the validity of the 'warning'. Likewise there's nothing OpenWrt as a project could do, aside from just waiting and letting others cross the magical download counter limit for the warning to disappear.

But I refuse to accept such a stupid argument from Mozilla Corp.; even less from them, than from Microsoft, Google, Apple, Opera, Vivaldi, etc.

Disclaimer: Yes, I'm using Firefox/Linux as well, have been since their earliest beta versions - but I've disabled those crap misfeatures the minute they came around (and I'm not happy with Mozilla Corp's directions, from Pocket to AI, the unforced removal of working features (FTP client, RSS reader) and all the shades of grey in between).

3 Likes

Personally, I always use the published sha256sum from https://firmware-selector.openwrt.org/ to verify downloads rather than relying on browser warnings for safety (although I investigate as you have if I question a warning).

1 Like
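
The check described in the post above, as an added example that is not part of the thread: a small shell helper that compares a downloaded image against a SHA-256 value copied from a trusted page, and looks a file name up in a `sha256sum`-style list. The function names `verify_image` and `lookup_sum` are made up for this example, and GNU or BusyBox `sha256sum` is assumed.

```shell
#!/bin/sh
# verify_image FILE EXPECTED   (hypothetical helper name)
# Returns 0 on match, 1 on mismatch, 2 when the input is unusable.
verify_image() {
    file=$1
    # Normalise the pasted digest: drop whitespace, lower-case the hex.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # SHA-256 is exactly 64 hex characters; refuse anything else so a
    # truncated or mangled paste can never be treated as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected digest is not 64 hex characters" >&2; return 2
    fi
    if [ ! -f "$file" ]; then
        echo "no such file: $file" >&2; return 2
    fi
    # Read via stdin so the file name never influences the output format.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# lookup_sum LIST NAME   (hypothetical helper name)
# Prints the digest recorded for NAME in a list of "<hex> *<name>" or
# "<hex>  <name>" lines. Exact name match only; exit status 1 if absent.
lookup_sum() {
    awk -v n="$2" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print $1; found = 1; exit }
        END { exit !found }
    ' "$1"
}
```

Call it as `verify_image <downloaded-file> <digest-from-page>`; a match means the file is byte-for-byte what the page lists, which is only as trustworthy as the channel the digest came from.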

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.