Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox 89.0.1 Checksum

  • 3 replies
  • 1 has this problem
  • 1 view
  • Last reply by TyDraniu

more options

I downloaded Firefox 89.0.1 via Microsoft Edge from the regular mozilla.org site.

I was redirected to this site after the download started: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-stub/de/win/[...]/Firefox%20Installer.exe

I was confused when I saw, that the sha256 checksum mismatched with the one in the repository. Also after multiply downloads from the mentioned site, I recognized all installation files had different checksums.

Is this a bug or a malicious firefox download? Or smth else?

Thanks in advance.

I downloaded Firefox 89.0.1 via Microsoft Edge from the regular mozilla.org site. I was redirected to this site after the download started: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-stub/de/win/[...]/Firefox%20Installer.exe I was confused when I saw, that the sha256 checksum mismatched with the one in the repository. Also after multiply downloads from the mentioned site, I recognized all installation files had different checksums. Is this a bug or a malicious firefox download? Or smth else? Thanks in advance.

Modified by MaxTheSaxguy

Chosen solution

I've heard about it, see:

The file should be safe. The hypothesis is that Moz attaches something to recognize a download source or to measure a marketing campaign metric.

Read this answer in context 👍 0

All Replies (3)

more options

To control which download you get, it might be simpler to use this server:

more options

Thank you for your answer.

My question is more about why the SHA256 checksums change constantly with each download and if a download via https://cdn.stubdownloader.services.mozilla.com/ is safe or not.

Modified by MaxTheSaxguy

more options

Chosen Solution

I've heard about it, see:

The file should be safe. The hypothesis is that Moz attaches something to recognize a download source or to measure a marketing campaign metric.