A short note for users of the Firefox Send service: Mozilla is now permanently abandoning Firefox Send and shutting the service down. The reason is its abuse for malware distribution and spear phishing.
Firefox Send, a review
First, a look at what Firefox Send did. If you want to share large files with other users, you can't do this via email. You can upload the files to the cloud (Dropbox, OneDrive, Google Drive) and send the link.
With Firefox Send, Mozilla's developers had provided a service since 2017 that was also suitable for sending larger files, up to 1 GByte in size. A simple browser (Firefox, Google Chrome, Internet Explorer) was sufficient. During upload, the file was encrypted and a link was generated. This link could then be sent to the recipient.
Via the link, the recipient got access to the uploaded file and could download it. The uploaded file and the link expired after 24 hours or after a download. What started as a test in 2017 was then released in March 2019 (see my blog post Firefox Send). But now it is over again.
Firefox Send was discontinued
It is the end of a longer story, because the design of this service was perfectly suited to the needs of cyber criminals. They loved Firefox Send because using it meant they didn't have to set up their own file-sharing server with a legitimate-looking URL for spear phishing attacks or malware distribution. The users received the files from a trusted domain. The criminals also did not have to worry about expiring their URLs, since this happened automatically after use, leaving virtually no traces behind in the cloud.
For security researchers, links that only work once are a problem. Even if a security researcher succeeds in obtaining a complete URL as an indicator of compromise, it is worthless. After all, the URL can no longer be retrieved to investigate what malicious payload it delivers, because the link has expired after the download.
Within my blog post ‘Firefox Send’ offline after abused by Malware I had already reported in July 2019 that Mozilla had temporarily suspended the service after abuse for distributing malware and spear phishing attacks. If you now visit the Firefox Send page, you will be redirected to another Firefox page. Mozilla confirms in this blog post that both Firefox Send and Firefox Notes have been permanently shut down as services.
Firefox Notes was originally developed to experiment with new methods of encrypted data synchronization. After this purpose was fulfilled, the product was retained as a small utility for Firefox and Android users. However, in early November, Mozilla will discontinue the Android Notes app and the synchronization service. The desktop browser extension Firefox Notes will remain available for existing installations, and Mozilla's developers want to include an option to export all notes, but the extension will no longer be maintained by Mozilla and will no longer be installable.