Open Bug 1409559 Opened 7 years ago Updated 2 years ago

Hard-coded report URLs for Safe Browsing detection errors

Categories

(Toolkit :: Safe Browsing, enhancement, P3)

Product:
Toolkit
Component:
Safe Browsing
Type:
enhancement

Tracking

()

Tracking Flags:
Tracking Status
firefox57 --- affected
firefox58 --- affected

People

(Reporter: francois, Unassigned)

References

Details

The URLs for reporting detection mistakes in malware and phishing lists are hardcoded to stopbadware.org and safebrowsing.google.com:

https://searchfox.org/mozilla-central/rev/dca019c94bf3a840ed7ff50261483410cfece24f/browser/base/content/content.js#185
https://searchfox.org/mozilla-central/rev/dca019c94bf3a840ed7ff50261483410cfece24f/browser/base/content/content.js#195

instead of using the built-in redirections:

https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=
https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=

that are defined in:

browser.safebrowsing.provider.google.reportMalwareMistakeURL
browser.safebrowsing.provider.google.reportPhishMistakeURL
browser.safebrowsing.provider.google4.reportMalwareMistakeURL
browser.safebrowsing.provider.google4.reportPhishMistakeURL

The patch in bug 1409348 will fix this issue in the most common case where the provider is Google.

We should deal with providers without a report URL in a better: use different copy and remove the "report detection problem" link.
Priority: P2 → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.