Firefox will block drive-by downloads via sandboxed iframes

Firefox is getting a feature that stops drive-by downloads originating from sandboxed iframes. Downloads that are started automatically from such iframes will be blocked by the browser.

Mozilla is working on the option for a future version of the browser. The browser already has protection against drive-by downloads, but not when they are loaded from an iframe. This lets attackers place malware on a victim's system via malvertising, for example. Mozilla will now block such downloads. Website builders can still use sandboxed iframes to offer downloads, but they have to enable this manually by setting allow-downloads in the iframe's sandbox flag.

The new feature will be in Firefox 82, according to a changelog from the browser maker. That version will be released in October. Other browsers such as Chrome have long blocked downloads from sandboxed iframes.