ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Has the mozilla download site been hacked?

  • 17 ردًا
  • 13 have this problem
  • 4129 views
  • آخر ردّ كتبه utdpauls

more options

Our Ironport appliances are blocking downloads of Firefox with the following text being displayed.

This Page Cannot Be Displayed

Based on your corporate access policies, this web site ( http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/14.0.1/win32/en-US/Firefox%20Setup%2014.0.1.exe ) has been blocked because it has been determined by Web Reputation Filters to be a security threat to your computer or the corporate network. This web site has been associated with malware/spyware.

Threat Type: othermalware Threat Reason: Domain reported and verified as serving malware.

If you have questions, please contact the UT Dallas Computer Help Desk at 972-883-2911 or ( assist@utdallas.edu ) and provide the codes shown below. If you believe this page has been misclassified, use the button below to report this misclassification. Notification codes: (1, MALWARE, othermalware, Domain reported and verified as serving malware., BLOCK-MALWARE, 0x029b41b8, 1342562888.252, AAAD6wAAAAAAAAAAGf8ACP8AAAD/AAAAAAAAAAAAAAE=, http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/14.0.1/win32/en-US/Firefox%20Setup%2014.0.1.exe)

الحل المُختار

And the Bug report is

Bug 775094 - Cisco's Ironport Web Security Appliance is blocking Firefox downloads
Read this answer in context 👍 1

All Replies (17)

more options

Did you contact the UT Dallas Computer Help Desk ?

more options

I am a Senior Information Security Analyst. We received a complaint from a user trying to download Firefox, and I am following up. Our security appliance is blocking Firefox downloads, because the appliance "believes" that the site is serving malware. That seemed like a problem that the Mozilla folks might care about.

more options
more options

What security appliance are you using? this is a possible vendor false positive.

more options

cor-el, I'm at home now, so I can't test it. I'll test it in the morning.

Tylerdowner, they're Cisco Ironport Web Security Appliances. It's possible that it's a false positive, but you'll notice that the warning says "Threat Reason: Domain reported and verified as serving malware."

It would be pretty unusual for Cisco to block Mozilla without verifying the problem first and then claim that they have verified it.

more options
more options

Probably unrelated but

Maybe someone would like to follow up on that thread.
I deliberatly left it as unanswerd, as I have no solution.


In my case I would not be surprised to find I am being offered the 32 bit version instead of the 64 bit version, the ordinary download links failed previously for that reason. Of course that does not affect Windows users as they get 32 bit versions anyway.

Not concerned for myself, as I only use ESR for test/comparison purposes.

more options

Please do not download from softpedia or any other website. Mozilla ftp sites, or official mirrors are the only pages that are guaranteed secure.

more options

And that is the concern, Tylerdowner. Right now it looks like the Mozilla download links are also not secure. Can we get someone from Mozilla to check this out?

BTW, I sent the complainant the links that cor-el posted. I'll let you know if those worked. The link I posted about is still blocked.

Modified by utdpauls

more options

The Mozilla mirrors are clean, there isn't any malware on them. however, you can file a bug on https://bugzilla.mozilla.org/ and our contacts can try to reach out to Cisco and see if we can't get this false positive removed.

more options

الحل المُختار

And the Bug report is

Bug 775094 - Cisco's Ironport Web Security Appliance is blocking Firefox downloads
more options

Tylerdowner, unless you're willing to pay us for any infections caused by your site, then I apologize, but I will not take your word for this. I want Mozilla to do a proper investigation, just as we would with a similar complaint, and assure the community that there is not a problem and that this is, in fact, a false positive.

more options

Hi utdpauls,

You could take Tylerdowner's suggestion and file a bug that will allow it to be investigated. I am sure you would be satisfied that a false positive will only be removed if it is agreed it is a false positive. This is a support forum for answering users support questions, rather than discussing site issues.

Also maybe you could point at instances where we can see these reports. do they include the ability for site owners to respond ?


Update Bug775094#c7 filed & under investigation

Paul, 
Thank you for reporting this to us. Mozilla's Operations Security takes reports like this seriously and will investigate, per standard procedure. 
Joe Stevensen
Operations Security Manager

Modified by John99

more options

Thanks, John99. I already filed a bug and the security team is investigating. And yes, I would be satisfied that it's a false positive if the security team tells me their investigation turned up nothing.

I posted a report initially. As you see by reading it, the users can click on a button and report what they believe to be a misclassification. I don't have any problem with users doing that, but as a security professional my investigation has to go a bit deeper than, "That can't be right."

The best sites in the world can be hacked. There's no such thing as an unhackable site or software (Larry Ellison, are you listening?), and I can't just assume that everything is fine.

Since the sec team is investigating now, I will mark this as solved.

more options

We are seeing the same problem with our Cisco Web Security Appliance blocking the following site:

http://download.cdn.mozilla.net/pub/mozilla.org/metrics/14.0.1-funnelcake14/win32/en-US/Firefox%20Setup%2014.0.1.exe

Is there an ETA on when this will be resolved/followed-up on?

more options

See the bug posted above by John99.