Closed
Bug 1003590
Opened 11 years ago
Closed 10 years ago
safebrowsing requests 403 forbidden
Categories
(SeaMonkey :: Security, defect)
SeaMonkey
Security
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 920951
People
(Reporter: kevink9876543, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26 (Beta/Release)
Build ID: 20140415212235
Steps to reproduce:
Install HTTPFox in SeaMonkey, set it up to monitor requests on browser startup, restart SeaMonkey, open HTTPFox, and wait for the Google safebrowsing requests to appear.
Actual results:
All the safebrowsing requests were rejected with 403 Forbidden.
Expected results:
The first POST request should have been successful and followed by several safebrowsing related downloads.
Reporter | ||
Updated•11 years ago
|
OS: Mac OS X → All
Hardware: x86 → All
> POST 403 text/html (NS_ERROR_ABORT)
> http://safebrowsing.clients.google.com/safebrowsing/downloads?client=api
> &apikey=ABQIAAAALT_LuARPWqUj7bX2mqWTJRQt2QEr-yGktcva5ZhZnWk7HItT7w
> &appver=2.25 &pver=2.2
> &wrkey=AKEgNiuul7zG1on8T_nsxgcOG9IMLelAuTJ57aVFyWYFvJwJnZl5pG8ls6JLvZI0DBg3x2RXw2N_DoWVzTVKsGuhNaasi-AxlQ==
As comparison in FF:
> POST https://safebrowsing.google.com/safebrowsing/downloads [HTTP/1.1 200 OK 344ms]
> GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChN ...[HTTP/1.1 200 OK 1156ms]
Status: UNCONFIRMED → NEW
Ever confirmed: true
Guess I should note, that in my (existing Profile) /safebrowsing/ directory I have older files like googpub-*, which I suppose are no longer used ? & also goog-*, most recently dated 04/25/2014.
In a newly created Profile, only (I suppose it is) the Mozilla default set of files, test-* files are created.
> 02/06/2014 10:32 AM 12 googpub-phish-shavar.cache
> 02/06/2014 10:32 AM 854,702 googpub-phish-shavar.pset
> 02/06/2014 10:32 AM 697,807 googpub-phish-shavar.sbstore
> 04/25/2014 11:06 AM 652 goog-malware-shavar.cache
> 04/25/2014 11:06 AM 517,554 goog-malware-shavar.pset
> 04/25/2014 11:06 AM 395,085 goog-malware-shavar.sbstore
> 04/30/2014 10:34 AM 44 test-malware-simple.cache
> 04/30/2014 10:34 AM 16 test-malware-simple.pset
> 04/30/2014 10:34 AM 232 test-malware-simple.sbstore
> 04/30/2014 10:34 AM 44 test-phish-simple.cache
> 04/30/2014 10:34 AM 16 test-phish-simple.pset
> 04/30/2014 10:34 AM 232 test-phish-simple.sbstore
Reporter | ||
Comment 3•11 years ago
|
||
I don't have a safebrowsing directory, or any files that look like those, in my SeaMonkey profile...
Note: the safebrowsing feature itself seems to work - if I go to the test pages,
http://mozilla.org/firefox/its-an-attack.html
http://mozilla.org/firefox/its-a-trap.html
SeaMonkey does block them.
> I don't have a safebrowsing directory, or any files that look like those
Strange. Wonder if they're stored elsewhere on a Mac?
> the safebrowsing feature itself seems to work
Not so sure about that.
At the most, thinking it would only be as current/valid as the latest set of hashes you have (if any at all).
And from what I gather, those mozilla "attack" pages are specifically programed to be detected. I have seen them both detected & not (instead showing ... It’s a Trap! ...).
This is a /REAL/ (so be aware in that regard) reported attack page:
> webevangelista.blogspot.com
FF is detecting it.
SeaMonkey is not.
If I (exit SeaMonkey &) copy the goog-* hash files from a FF Profile into the /safebrowsing/ directory, then fire up SeaMonkey & visit the attack page, it is then correctly detected.
Reporter | ||
Comment 5•11 years ago
|
||
(In reply to therube from comment #4)
> > I don't have a safebrowsing directory, or any files that look like those
>
> Strange. Wonder if they're stored elsewhere on a Mac?
That's it. Looks like they're stored with the cache.
On Mac OS X: ~/Library/Caches/SeaMonkey/Profiles/[profilename]/
And on Linux: ~/.cache/mozilla/seamonkey/[profilename]/
> If I (exit SeaMonkey &) copy the goog-* hash files from a FF Profile into
> the /safebrowsing/ directory, then fire up SeaMonkey & visit the attack
> page, it is then correctly detected.
So yes, the feature still works, only it's not able to download the proper database / updates.
Are you suggesting a temporary workaround? If so, is there any reason Fx 18.0.2 safebrowsing data files wouldn't work with SeaMonkey 2.26?
DUP of Bug 920951 - Update SeaMonkey Safebrowsing preferences to sync with Mozilla-Central
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•