Closed
Bug 327226
Opened 18 years ago
Closed 17 years ago
www prefix can confuse the phishing detector
Categories
(Thunderbird :: Mail Window Front End, defect)
Thunderbird
Mail Window Front End
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird2.0
People
(Reporter: mscott, Assigned: mkmelin)
Details
(Keywords: fixed-seamonkey1.1.2, fixed1.8.1.3)
Attachments
(1 file)
1.75 KB,
patch
|
iannbugzilla
:
review+
mscott
:
superreview+
mscott
:
approval-thunderbird2+
|
Details | Diff | Splinter Review |
Rafael had an e-mail sig that had a URL of: actual anchor src: http://www.mozilla.org user text: http://mozilla.org This triggered the phishing detector because we detected that the url being shown to the user did not match the actual url you would get taken too. I wonder if we should hack a check for "www." and strip that off the front of the host name before doing the comparison.
Reporter | ||
Updated•18 years ago
|
Target Milestone: --- → Thunderbird2.0
Reporter | ||
Updated•18 years ago
|
Keywords: helpwanted
Comment 1•18 years ago
|
||
Scott, is this a decision then? Must the phising detection strip www from the hostname? If so, I'll take this. The phishing code will be easy to change to add this.
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•18 years ago
|
||
I think we should do it. I can't see a problem with saying www.foo.org is the same host as foo.org
Reporter | ||
Comment 3•18 years ago
|
||
cc'ing Ray since he expressed an interest in helping out with this.
Comment 4•18 years ago
|
||
Yes, I'll take this. Patch forthcoming. Do you have a preference for a regex match or just strip any www?
Assignee: mscott → bugzilla.mozilla
Status: ASSIGNED → NEW
Assignee | ||
Comment 5•17 years ago
|
||
Don't mark as scam for host mismatch on only www prefix.
Assignee: raybooysen → mkmelin+mozilla
Status: NEW → ASSIGNED
Attachment #255131 -
Flags: superreview?(mscott)
Attachment #255131 -
Flags: review?(mscott)
Assignee | ||
Updated•17 years ago
|
Reporter | ||
Comment 6•17 years ago
|
||
Comment on attachment 255131 [details] [diff] [review] proposed fix (checked in trunk / 1.8 branch) sr=me, you might need a seamonkey reviewer to ok the mainews version. I'd recommend iann@arlen.demon.co.uk. Magnus, it might also be interesting to spin up a separate bug to look at using the new TLD (top level domain) stuff available on the trunk so urls that have the same top level domain are considered safe.
Attachment #255131 -
Flags: superreview?(mscott) → superreview+
Reporter | ||
Comment 7•17 years ago
|
||
Comment on attachment 255131 [details] [diff] [review] proposed fix (checked in trunk / 1.8 branch) or you could ask Karsten
Attachment #255131 -
Flags: review?(mscott) → approval-thunderbird2+
Assignee | ||
Updated•17 years ago
|
Attachment #255131 -
Flags: review?(iann_bugzilla)
Attachment #255131 -
Flags: review?(iann_bugzilla) → review+
Assignee | ||
Updated•17 years ago
|
Whiteboard: [checkin needed] [checkin needed (1.8 branch)]
Comment 8•17 years ago
|
||
mozilla/mail/base/content/phishingDetector.js 1.25 mozilla/mailnews/base/resources/content/phishingDetector.js 1.13
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Whiteboard: [checkin needed] [checkin needed (1.8 branch)] → [checkin needed (1.8 branch)]
Reporter | ||
Comment 9•17 years ago
|
||
I approved and landed the Thunderbird change on the branch. There's no easy way to nominate the seamonkey patch though.
Keywords: fixed1.8.1.3
Whiteboard: [checkin needed (1.8 branch)]
Comment 10•17 years ago
|
||
a=me for SM1.1.2, need one more
Comment 11•17 years ago
|
||
Comment on attachment 255131 [details] [diff] [review] proposed fix (checked in trunk / 1.8 branch) a=Neil for SM1.1.2 via IRC Checking in (1.8 branch) phishingDetector.js; new revision: 1.1.2.9; previous revision: 1.1.2.8 done
Attachment #255131 -
Attachment description: proposed fix → proposed fix (checked in trunk / 1.8 branch)
Keywords: fixed-seamonkey1.1.2
Whiteboard: approval-seamonkey1.1.2?
You need to log in
before you can comment on or make changes to this bug.
Description
•