Firefox 89.0.1 Checksum
I downloaded Firefox 89.0.1 via Microsoft Edge from the regular mozilla.org site.
I was redirected to this site after the download started: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-stub/de/win/[...]/Firefox%20Installer.exe
I was confused when I saw, that the sha256 checksum mismatched with the one in the repository. Also after multiply downloads from the mentioned site, I recognized all installation files had different checksums.
Is this a bug or a malicious firefox download? Or smth else?
Thanks in advance.
Modified by MaxTheSaxguy
Chosen solution
I've heard about it, see:
- https://www.reddit.com/r/firefox/comments/j1eioa/sha256_checksum_mismatch_for_78x_esr_windows/
- https://www.reddit.com/r/firefox/comments/bwd762/different_checksums_for_same_installer/
The file should be safe. The hypothesis is that Moz attaches something to recognize a download source or to measure a marketing campaign metric.
Read this answer in context 👍 0All Replies (3)
To control which download you get, it might be simpler to use this server:
Thank you for your answer.
My question is more about why the SHA256 checksums change constantly with each download and if a download via https://cdn.stubdownloader.services.mozilla.com/ is safe or not.
Modified by MaxTheSaxguy
Chosen Solution
I've heard about it, see:
- https://www.reddit.com/r/firefox/comments/j1eioa/sha256_checksum_mismatch_for_78x_esr_windows/
- https://www.reddit.com/r/firefox/comments/bwd762/different_checksums_for_same_installer/
The file should be safe. The hypothesis is that Moz attaches something to recognize a download source or to measure a marketing campaign metric.