Mozilla Suspends Firefox Send Service While It Addresses Malware Abuse

An anonymous reader writes: Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a "Report abuse" button. The browser maker took down the service today after ZDNet reached out to inquire about Firefox Send's increasing prevalence in current malware operations. Since last year, several malware operations have hosted payloads on the service. This includes ransomware gangs like REvil/Sodinokibi, financial crime crews like FIN7, the Zloader and Ursnif banking trojans operations, and government surveillance groups targeting human rights defenders. Reasons include the fact that Firefox Send doesn't have an Report Abuse mechanism, all file uploads are encrypted (useful to dodge malware scanners), and the Firefox URL is whitelisted in most orgs (useful for bypassing email filters).

Karma for Mozilla

[xack]

Always wasting time on junk features like this instead of sticking to the goal of what donators pay for: a decent web browser. I no longer consider Mozilla to be fit for purpose and they should transfer the Firefox source code to another more responsible organization.

Re:

[jacks smirking reven]

I agree they do seem to be all over the map, but there are alternatives such as IceCat, Waterfox, and Pale Moon albeit with very varying levels of quality and updates. I think it's more a matter of leadership at the foundation. I'm not fully familiar with aspects of the MPL but I don't think there's any roadblocks preventing a new organization from improving upon Firefox browser as it exists today. Seems most companies with that capability seemed to have hitched their wagon to Chromium/Blink though (Oper

Re:

[NateFromMich]

phoning home without explicit permission, constantly trying to force "updates" and constantly popping up nagware windows with no way to disable them.

I've never seen any of that, and I'm a long time Firefox user (and complain frequently enough about Mozilla). I feel like maybe you don't know wtf you're talking about. Did you even look at "about:config"?

What I did for all of them was purge Firefox from their computers and install Vivaldi. Every single one of them has thanked me for doing so. Vivaldi has a ton of features, it doesn't spy, and the user has control over updates and notifications.

Is it finally stable then? I tried it a couple years ago and while it seemed ok at first, I eventually would run into problems with it taking over the whole display and going unresponsive. A colleague of mine had the same issues, with different hardware.

Re:

[KiloByte]

While I got a lot of beef with what Mozilla does, what other browser, pray tell, would you propose? There's none. Zero. Zilch. Everything else is an ad delivery platform without basic privacy capabilities.

There's a bunch of forks of Firefox but they are either not-really-maintained old snapshots (Waterfox, Pale Moon, ...) or stripped down builds with no non-cosmetic improvements.

Re:

[fustakrakich]

what other browser, pray tell, would you propose? There's none. Zero. Zilch.

You should know better! [seamonkey-project.org] There's a browser that's older than some of the kids posting here.

Re:

[ArchieBunker]

Oh that takes me back to Netscape 4.0.

Re:

[fustakrakich]

Looking for a familiar face [seamonkey-project.org]?

Re:

[antdude]

Why not fork it like others do?

A real shame

[Mark of the North]

Firefox Send is the single best option I've been able to find to send files to large for email without the overhead of setting the recipient up with an account. I'd be open to suggestions for other options. The only problem we ran into with Firefox Send is that it doesn't play well with iOS devices. It would be a shame to lose the service as we liked it enough that we were looking at self-hosting it with our own branding.

They need to make use of an account mandatory and a mechanism to automatically disabl

Re:

[tlhIngan]

Firefox Send is the single best option I've been able to find to send files to large for email without the overhead of setting the recipient up with an account. I'd be open to suggestions for other options. The only problem we ran into with Firefox Send is that it doesn't play well with iOS devices. It would be a shame to lose the service as we liked it enough that we were looking at self-hosting it with our own branding.

They need to make use of an account mandatory and a mechanism to automatically disable

Re:

[Mark of the North]

Yes. I've looked at just about every option out there. Send is by far the simplest in that you just drop a file onto the page, click upload, and past the link into an email. The fact that is encrypted in the sender's browser and decrypted in the receiver's browser is great too.

I sincerely hope it returns sooner rather than later.

Re:

[layabout]

If there are options, they are not very well known or they are too expensive for what they provide. Firefox send is: noninvasive unlike dropbox, encrypted, secure unlike Google Drive and easier to use than any other file transfer system I've worked with.

Sadly, the kind of abuse you mention is what happened with USENET, email, or any service where sending is free or cheap. There needs to be some sort of cost imposed on the sender. I know I could rent a lesser quality service that's harder to use but I woul