Open Bug 282316 Opened 19 years ago Updated 2 years ago

RFE: Show when user visits new SSL site (anti phishing)

Categories

(Firefox :: Security, enhancement)

x86
Windows XP
enhancement

People

(Reporter: s.marshall, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050201 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050201 Firefox/1.0+

If a user follows a link in an email and reaches a site that looks like (for
example) their bank, they may not check the address bar to realise that it is
different. This applies whether or not the address is similar (as in
paypa1.com), visually identical (IDN issue bug 279099), different but
potentially confusing (paypal-secure.com), or totally unrelated
(honestjohnphish.com). These phishing sites, especially those in the last
category, could obtain valid SSL certificates.

In order to provide the level of security expected when users see a 'secure'
site with the padlock and yellow address bar, Mozilla should warn when users
visit a secure site that they have never before sent data to.

I would suggest implementing a solution as follows:

1) Maintain a list of https sites to which a user has sent form information.
This should be separate from history as it needs to persist. In order to avoid
privacy concerns, it could be stored as a secure hash of each domain. (Note: If
I recall rightly, this idea came from an article Gerv wrote.)

2) On visiting an https site not in this list, the browser (Mozilla, Firefox)
should present warning UI such as a yellow bar across the top 'You have not
previously visited this secure site. Ensure it is genuine before sending data'. 

3) Disable form controls (and other items which could return data to the site,
such as Java applets) until the user clicks on the bar and chooses to allow the
site.

As an additional refinement, I would suggest including hashes for a few hundred
'known' secure sites preinstalled with the browser; this would include common
sites like ebay, paypal, amazon, microsoft, mozilla.org :), banks, etc. in order
to reduce the need for this UI altogether.

Reproducible: Always

Steps to Reproduce:
1. Following a link in email, visit the (imaginary) paypal.honestjohn.com site,
which looks just like paypal
2. The site includes a security padlock and yellow address bar, so a user dumb
enough to follow the link from email in the first place may assume it is safe
3. User enters their credit card details and Paypal password into site

Actual Results:  
4. Profit. (for honestjohn)

Expected Results:  
Form controls are disabled, so when user tries to give away their credit card,
they find they cannot. They then notice the yellow warning bar on the page (or
perhaps a dialogue pops up on clicking the form controls). On closer examination
the user realises this site isn't paypal.com, has an epiphany and vows never to
click links from suspicious emails again.
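
An added sketch of the list-and-warn logic proposed in steps 1 to 3 (not part of the original report and not Firefox code). The class and method names are hypothetical, the site is identified by the URL's full hostname, and the per-profile HMAC key is an assumption that goes beyond the report's plain 'secure hash' so that stored entries cannot be matched against a precomputed list of domains.

```javascript
const crypto = require('node:crypto');

// Hypothetical class: names are illustrative, not Firefox APIs.
class SecureSiteStore {
  // profileKey: random per-profile secret (assumption added in this example).
  // preinstalled: host names shipped as 'known' secure sites.
  constructor(profileKey, preinstalled = []) {
    this.key = profileKey;
    this.known = new Set(preinstalled.map((h) => this.digest(h)));
    this.sessionAllowed = new Set(); // allowed via the bar, nothing submitted yet
  }

  // Only HMAC-SHA-256(host) is ever stored, never the host name itself.
  digest(host) {
    return crypto.createHmac('sha256', this.key).update(host.toLowerCase()).digest('hex');
  }

  // Returns the digest for an https URL, or null when the scheme is not https.
  httpsDigest(pageUrl) {
    const u = new URL(pageUrl); // URL parsing lower-cases and punycodes the host
    return u.protocol === 'https:' ? this.digest(u.hostname) : null;
  }

  // Step 2: 'first-visit' means the warning bar is shown.
  check(pageUrl) {
    const d = this.httpsDigest(pageUrl);
    if (d === null) return 'not-https';
    return this.known.has(d) ? 'known' : 'first-visit';
  }
  // Step 3: the user clicked the bar and chose to allow the site.
  allowForSession(pageUrl) {
    const d = this.httpsDigest(pageUrl);
    if (d !== null) this.sessionAllowed.add(d);
  }
  // Form controls stay disabled on an unknown https site until it is allowed.
  formsEnabled(pageUrl) {
    const d = this.httpsDigest(pageUrl);
    return d === null || this.known.has(d) || this.sessionAllowed.has(d);
  }
  // Step 1: a form was submitted, so the site joins the persistent list.
  recordSubmit(pageUrl) {
    const d = this.httpsDigest(pageUrl);
    if (d !== null) this.known.add(d);
  }
  // What would be written to disk: hex digests only.
  serialize() { return [...this.known].sort(); }
}
```

Keying on the full hostname treats each subdomain as a separate site; grouping by registrable domain would need a public suffix list, which this sketch leaves out.
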
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: toolkit
Severity: normal → S3
Assignee: dveditz → nobody
Severity: S3 → N/A
Product: Core → Firefox