User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101028 4 Build Identifier: magic pixie dust! firefox should offer https protection for software downloads. For example, Users go to http://www.mozilla.com/en-US/firefox/firefox.html and they download firefox. This site only offers a http download link. Really it should be a https download link. I propose mozilla makes a small separate downloader / application which is fetched over https, say from https://ftp.mozilla.org/ which will have a method of verifying mozilla software as being valid(signed or matching a sha1sum etc.). Then the small program / download(manager) can pick a mirror to download the software the user wanted from and verify it. Reproducible: Always Steps to Reproduce: see above! Actual Results: see above! Expected Results: see above!