Firefox blocks all GitHub release downloads as deceptive
If you are using the Mozilla Firefox web browser right now to download releases hosted on the project hosting website Github, you will notice that you cannot do so directly anymore.
For instance, if you try to download the latest Atom editor builds, you get the warning message.
The browser displays a "deceptive site!" warning when you click on a download link and states that site the downloads are hosted on has been reported and blocked.
Update: The issue has been resolved.
Downloads on GitHub are powered by Amazon AWS.
This web page at "site url" has been reported as a deceptive site and has been blocked based on your security preferences.
Deceptive sites are designed to trick you into doing something dangerous, like installing software, or revealing personal information, like passwords, phone numbers or credit cards.
Entering any information on this web page may result in identity theft or other fraud.
I tested this using Firefox Stable and Firefox Nightly, and both browsers showed the "deceptive site" intermediary page for most -- but not all -- GitHub release downloads that I tried to download.
Source file downloads don't seem to be affected, but any other download, be it for Windows, Linux or Mac, appears to the flagged by the Firefox browser currently.
While it is theoretically possible that the whole of GitHub has been compromised, it seems highly unlikely. Firefox users may bypass the warning to continue with the download.
- When you get the "Deceptive Site" warning in Firefox, click on the "ignore this warning" link displayed in the bottom right corner of the warning page.
- This bypasses the warning page and starts the download of the selected file.
I tried the downloads in other browsers, thinking that it may be a problem with Google's Safe Browsing security feature. Chrome downloads these release files just fine however which means it is probably not, unless Mozilla uses a different version than Google does.
Closing Words
This is a misconfiguration most likely, and something that will probably be resolved quickly by Mozilla. It is interesting to note that this affects Mozilla's repositories on GitHub as well.