incorrect checksums of downloaded Firefox
Every time I download a new release of Firefox (win64 german), I check the downloaded file at virustotal and check the hashes published under http://releases.mozilla.org/pub/firefox/releases/<Version>, e.g. http://releases.mozilla.org/pub/firefox/releases/78.0.1/SHA256SUMS Up until release 77.0 the hashes matched but for 77.0.1 and also the current release 78.0.1 the hashes do not match, neither SHA256 nor SHA512. For "win64/de/Firefox Setup 78.0.1.exe" the SHA256 hash should be 56cff68e3f0cb76a6404d675f7e1bacc40ebaba7bbb5cadcb4950378656ab0a6 but the calculated hash is 8e69755f257aba44b6bbe5079e17f3bff8b62ddc27de9e1c479686e9ad871dfb When checking at virustotal, the file is recognized as scanned before and the displayed hash is the one I calculated, so at least my downloaded file is equal to the file other persons downloaded. Could it be that since v77.0.1 the published hashes are incorrect?
All Replies (3)
Works for me on Linux.
openssl dgst -sha512 "Firefox Setup 78.0.1.exe" SHA512(Firefox Setup 78.0.1.exe)= c95c5fc034377c08e9e90762d213d986af7ca5ed7f725d844c9ad8eaad5122c24329f411f16a667c755e7349afa08dfab8d669dd8bc0d48249d10c2b0523ff3b openssl dgst -sha256 "Firefox Setup 78.0.1.exe" SHA256(Firefox Setup 78.0.1.exe)= 56cff68e3f0cb76a6404d675f7e1bacc40ebaba7bbb5cadcb4950378656ab0a6
So it looks that there is a problem with calculating the hash or the file has been modified (possibly by security software).
You are correct: If I use the download link you provided, the file has the correct checksums. I've been using the link https://www.mozilla.org/en-US/firefox/all/?q=German,%20Deutsch#product-desktop-release for I guess more than a year and the file you download there (have to change the language first) has the same size and different checksum. Until v77.0 it used to have the same checksum but since v77.0.1 there is a difference. Strange thing...
I get the same SHA256 hash if I use that link to download the Win64 German version (I add -x to the saved file):
- SHA256(Firefox Setup 78.0.1-x.exe)= 56cff68e3f0cb76a6404d675f7e1bacc40ebaba7bbb5cadcb4950378656ab0a6