How does built-in Phishing and Malware Protection work?

Revision Information
  • Revision id: 136832
  • Creator: Mukesh Pathak
  • Comment: Adding Few Information For Malware
  • Reviewed: Yes
  • Reviewed by: AliceWyman
  • Is approved? No
  • Is current revision? No
  • Ready for localization: No
Revision Content

Firefox contains built-in Phishing and Malware Protection to help keep you safe online. These features will warn you when a page you visit has been reported as a Web Forgery of a legitimate site (sometimes called “phishing” pages), as a source of Unwanted Software or as an Attack Site designed to harm your computer (otherwise known as malware). This feature also warns you if you download files that are detected as malware.

Firefox contains built-in Phishing and Malware Protection to help keep you safe online. These features will warn you when a page you visit has been reported as a Deceptive Site (sometimes called “phishing” pages), as a source of Unwanted Software or as an Attack Site designed to harm your computer (otherwise known as malware). This feature also warns you if you download files that are detected as malware.

What are Web Forgery/Phishing, Attack Sites, Unwanted Software and Malware?

Web Forgery (also known as "Phishing")

This is a form of identity theft that occurs when a malicious website impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake but very real-looking websites. More information on phishing can be found at the Anti-Phishing Working Group, and there are a number of examples and resources available at the Wikipedia Phishing page.

What are Deceptive/Phishing, Attack Sites, Unwanted Software and Malware?

Deceptive Site (also known as "Phishing")

This is a form of identity theft that occurs when a malicious website impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake but very real-looking websites. More information on phishing can be found at the Anti-Phishing Working Group, and there are a number of examples and resources available at the Wikipedia Phishing page.

Attack Sites

Attack Sites are websites that try to infect your computer with malware when you visit. These attacks can be very difficult to detect; even a site that looks safe may be secretly trying to attack you. Sometimes even the website’s owner doesn’t realize that the site has become an Attack Site.

Malware

Malware is software designed to infect your computer without your knowledge. Malware is most often used to steal personal information, send junk email (spam), or spread more malware.

Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission.

You can learn more about malware and Attack Sites from StopBadware, a non-profit organization that works with partners like Mozilla to protect users from malware and other dangerous software.

Unwanted Software

Unwanted Software sites are websites that try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit). You can learn more about such software on the Google Unwanted Software Policy.

How does Phishing and Malware Protection work in Firefox?

Phishing and Malware Protection works by checking the sites that you visit against lists of reported phishing, unwanted software and malware sites. These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled.

When you download an application file, Firefox checks the site hosting it against a list of sites known to contain "malware". If the site is found on that list, Firefox blocks the file immediately; otherwise, it asks Google’s Safe Browsing service whether the software is safe by sending it some of the download’s metadata.*

* Windows users: This online check will only be performed in Firefox on Windows for those downloaded files that don’t have a known good publisher. Most of the common and safe software for Windows is signed and so this final check won’t always need to happen.

How do I use the Phishing and Malware Protection features?

These features are turned on by default so, unless your security settings have been changed, you are likely already using them. Phishing and Malware Protection options/preferences can be found on the Security panel:

  1. In the Menu bar at the top of the screen, click Firefox and then select Preferences or Settings, depending on your macOS version. Or click the menu button and select Settings.
  2. Click on the Security panel.
  3. Put a check mark next to the following settings to activate them:
    • Block reported attack sites - this setting protects you from malware sites and files as well as unwanted software.
    • Block reported web forgeries - this setting warns you against fraudulent websites that trick you into giving them your personal and financial information.

To turn these features off, follow the preceding steps to return to the Security panel and remove the check marks next to Block reported attack sites and Block reported web forgeries. Close the about:preferences page.

  1. In the Menu bar at the top of the screen, click Firefox and then select Preferences or Settings, depending on your macOS version. Or click the menu button and select Settings.
  2. Click on the Security panel.
  3. Put a check mark next to the following settings to activate them:
    • Block dangerous and deceptive content: Check this box if you want Firefox to block potential malware or content that can trick you into downloading malware or unintentionally entering information. You can also refine your choices by checking or unchecking the following items:
      • Block dangerous downloads: Blocks potential viruses and other malware.
      • Warn me about unwanted and uncommon software: Lets you know if you're about to download potentially unwanted software or uncommon software that may contain a virus or make unexpected changes to your computer.

To turn these features off, follow the preceding steps to return to the Security panel and remove the check marks. Close the about:preferences page.

To see if Phishing Protection is active, visit our phishing test site. Likewise, you can visit our malware test site to confirm that Firefox is blocking Attack Sites as well as our unwanted software test site. With Phishing and Malware Protection turned on, all these sites should be blocked from loading.

What happens when a page or file is blocked?

Firefox will block the page from loading and display a Reported Web Forgery warning for phishing sites, Reported Unwanted Software Page for unwanted software sites and Reported Attack Page for malware sites.

Firefox will block the page from loading and display a Deceptive Site warning for phishing sites, Reported Unwanted Software Page for unwanted software sites and Reported Attack Page for malware sites.

If you download malware or spyware, Firefox displays a message on the Downloads panel.

To ignore the warning and unblock such a file, right-click on it in the download panel and select Unblock.

Note: Starting in Firefox 48, an improved user interface makes it easier to notice and understand these warnings. See this blog post for details.

What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled?

There are two times when Firefox will communicate with Mozilla’s partners while using Phishing and Malware Protection for sites. The first is during the regular updates to the lists of reported phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. This request does not include the address of the visited site; it contains only partial information derived from the address.
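The list check and the double-check described above can be sketched as follows. This is an added example, not Firefox code: it assumes the "partial information" is a 4-byte prefix of a SHA-256 hash, as in the public Safe Browsing protocol, and the `ListProvider` class, the simplified `expressions` helper and all site names are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; assumed prefix size, as in the public Safe Browsing protocol

def sha256(text):
    return hashlib.sha256(text.encode()).digest()

def expressions(url):
    """Host-suffix/path-prefix combinations to look up (simplified, no canonicalization)."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    path = parts.path or "/"
    paths = {path, "/"}
    segments = path.split("/")[1:-1]
    for i in range(1, len(segments) + 1):
        paths.add("/" + "/".join(segments[:i]) + "/")
    return sorted(h + p for h in hosts for p in paths)

class ListProvider:
    """Constructed stand-in for the remote list service."""
    def __init__(self, reported):
        self.full = {sha256(e) for e in reported}
        self.received = []            # everything a client ever sent us

    def download_prefixes(self):      # periodic list update: nothing about the user is sent
        return {h[:PREFIX_LEN] for h in self.full}

    def full_hashes(self, prefix):    # the "double-check" request
        self.received.append(prefix)
        return {h for h in self.full if h.startswith(prefix)}

def check(url, local_prefixes, provider):
    """Consult the local list first; contact the provider only on a prefix match."""
    for expr in expressions(url):
        digest = sha256(expr)
        prefix = digest[:PREFIX_LEN]
        if prefix in local_prefixes and digest in provider.full_hashes(prefix):
            return "blocked"
    return "allowed"

def demo():
    provider = ListProvider(["phish.example.test/login/"])   # constructed list entry
    local = provider.download_prefixes()
    first = check("http://phish.example.test/login/index.html", local, provider)
    clean = check("https://shop.example.org/cart", local, provider)
    provider.full.clear()             # entry delisted after our last list update
    stale = check("http://phish.example.test/login/index.html", local, provider)
    return first, clean, stale, provider.received
```

The provider's `received` log holds only 4-byte prefixes, and the clean site never triggers a request at all; the third lookup shows why the double-check exists, since a stale local entry no longer blocks once the provider has delisted it.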

In addition to the regular list updates mentioned above, when using Malware Protection to protect downloaded files, Firefox may communicate with Mozilla's partners to verify the safety of certain executable files. In these cases, Firefox will submit some information about the file, including the name, origin, size and a cryptographic hash of the contents, to the Google Safe Browsing service which helps Firefox determine whether or not the file should be blocked.

The Mozilla Privacy Policy describes what data Firefox and Mozilla each receive and how it's handled. The Google Privacy Policy explains how Google handles collected data.

I’ve confirmed that my site is safe, how do I get it removed from the lists?

If you own a site that was attacked and you have since repaired it, or if you feel that your site was reported in error, you can request that it be removed from the lists. We encourage site owners to investigate any such report thoroughly, though; a site can often be turned into an attack site without any visible change.