This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

HTTPS, Support.mozilla.org versus Firefox realeses

Why does Mozilla support HTTPS with E.V (Green https) for the forum but does not support Https E.V. for download of Firefox versions from "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/"

Since downloading the correct authenticated version of Firefox is important to prevent counterfeit Firefox browsers. Why is the download site "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" not HTTPS E.V ?

Why does Mozilla support HTTPS with E.V (Green https) for the forum but does not support Https E.V. for download of Firefox versions from "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" Since downloading the correct authenticated version of Firefox is important to prevent counterfeit Firefox browsers. Why is the download site "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" not HTTPS E.V ?

All Replies (2)

Hello!

The EV certificate has as minimal to no purpose when it comes to downloading Firefox. No user authentication or logging info is being sent out so there is less security risks. Secondly, even if there was an EV certificate for the Firefox download it would not play any role in protecting the user for a "counterfeit" Firefox. In cases for this website will post the md5 hash or sha-512 hash of the file so when the user downloads the file they are able to see if the hash matches. In any case, the chances of someone uploading a "counterfeit" Firefox on to the FTP server is slim to none.

I strongly disagree Microbot. Mozilla is paying for the privilege to provide the service of a high Https EV just like banks. Since they Mozilla is already using it they should place the "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" under that additional protection.