Closed Bug 700607 Opened 13 years ago Closed 13 years ago

block reported attack sites

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
7 Branch
Platform:
x86_64
Windows Vista
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: anthonygerrard+bugzilla.mozilla.org, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Build ID: 20110928134238

Steps to reproduce:

Firefox 7.0.1
Check "Block reported attack sites" is enabled in the security tab of options
Visit Firefox test attack site http://www.mozilla.org/firefox/its-an-attack.html


Actual results:

Page displayed no problems


Expected results:

Page should have been blocked

Also: My computer was infected with a nasty bit of malware after visiting [DO NOT VISIT THIS SITE] www dot ihateryanair dot org yesterday whilst using Firefox 7.0.1.
I've also tried doing this in Firefox safe mode with the same result
Our .com and .org websites recently merged, and the its-an-attack and its-a-trap pages used to be a .com URLs. Dave says there's a pending fix (bug 693389) to deal with those. So it's true that those two pages are not correctly detected, and therefore they can't be used to determine the more important question of whether SafeBrowsing as a whole is broken or working for you. For purposes of this bug let's ignore those two pages since they're already covered.

If you change that URL to .com then it should be blocked
http://www.mozilla.com/firefox/its-an-attack.html

Is it blocked (it is for me)? then SafeBrowsing is working. If it's not then we can investigate that further.

I didn't see anything obviously bad on the front page of the site you mentioned. Were you deeper into the site? It's possible it was something transient like an ad, and also possible it's detecting my location and serving me a "nice" version.

The most common ways users get hacked is through outdated plugins. Please visit
https://www.mozilla.com/en-US/plugincheck/ and make sure yours are OK. Update those that aren't and disable any you don't need (from the Addons dialog, found on the Tools menu).
Depends on: 693389
Yes the .com site is blocked so Firefox is working correctly.  

I'm 99% sure the attack was from that site.  I cross referenced when the malicious files were created on my PC with my browser history and that was the only site I visited at the time.

My QuickTime and Java plugins were out of date and I've updated those.

Thanks for your help
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.