Closed Bug 770633 Opened 12 years ago Closed 11 years ago

Phishing/Malware Page "Ignore Warning" is cached

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: devd, Unassigned)

Details

Go to http://www.mozilla.org/firefox/its-a-trap.html
click on ignore warning.

Now you will see the page, but with an infobar warning at the top. Now open 
http://www.mozilla.org/firefox/its-a-trap.html in a new tab, and you will go to the page directly, instead of being shown a warning.

You can also close the tab with the infobar warning, and any new loads don't trigger the warning either.

This is caused by http://mxr.mozilla.org/mozilla-central/source/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#4062 having only the choices: MALWARE, PHISHING, OR SAFE. This means the URL classifier can't report "USER OVERRIDE", which the browser can then use to display the warning.
I haven't tested this, but I suspect this also means that the phishing page can trivially also open itself in a new window (or maybe just refresh, or navigate to a safe page and go back), thus bypassing the warning.
The caching is the intended behavior according to bug 468313 except the missing warning on reload but that is not what the summary describes as problem.

This report looks invalid....
Intended, see comment 2.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.