Make use of the application reputation allow list on OSX and Linux

RESOLVED FIXED in Firefox 55

Status

()

Toolkit
Safe Browsing
P2
normal
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: francois, Assigned: francois)

Tracking

unspecified
mozilla55
Points:
---

Firefox Tracking Flags

(firefox55 fixed)

Details

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

a year ago
After being suggested in a review comment (https://bugzilla.mozilla.org/show_bug.cgi?id=964465#c20), we disabled the application reputation allow list in bug 974579 since at the time it was true that we didn't do
remote lookups on OSX and Linux and so the allow list was pointless.

However, remote lookups where enabled on OSX and Linux in bug 1111741 but we mistakenly kept the allow list Windows-only.

These comments are wrong:

https://searchfox.org/mozilla-central/rev/fcd9f1480d65f1a5df2acda97eb07a7e133f6ed4/toolkit/components/downloads/ApplicationReputation.cpp#1287
https://searchfox.org/mozilla-central/rev/fcd9f1480d65f1a5df2acda97eb07a7e133f6ed4/modules/libpref/init/all.js#5152-5154

since the the allow list is used for both certificate fingerprint checks (Windows-only) but also for hostname lookups:

https://searchfox.org/mozilla-central/rev/fcd9f1480d65f1a5df2acda97eb07a7e133f6ed4/toolkit/components/downloads/ApplicationReputation.cpp#452-456

and about 15% of checks are covered by the allow list:

https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-04&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&os=Windows_NT&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=1&trim=1&use_submission_date=0

So by enabling the allow list on OSX and Linux, we should reduce the percentage of downloads which end up causing a remote lookup with the Google service.
Comment hidden (mozreview-request)

Comment 3

a year ago
mozreview-review
Comment on attachment 8855977 [details]
Bug 1354713 - Make use of the application reputation allow list on OSX and Linux.

https://reviewboard.mozilla.org/r/127836/#review133878
Attachment #8855977 - Flags: review?(gpascutto) → review+

Comment 4

a year ago
Pushed by fmarier@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4b2034a89c67
Make use of the application reputation allow list on OSX and Linux. r=gcp

Comment 5

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/4b2034a89c67
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.