Open
Bug 1356426
Opened 7 years ago
Updated 1 month ago
We should check downloads against the goog-badbinurl-shavar list prior to downloading them
Categories
(Toolkit :: Safe Browsing, enhancement, P3)
Toolkit
Safe Browsing
Tracking
()
REOPENED
People
(Reporter: francois, Unassigned)
References
(Blocks 2 open bugs)
Details
We could abort the download early by checking the blacklist prior to actually contacting the server and downloading anything. Note that it would only affect a small number of downloads (0.01% of all downloads): - Nightly 55: https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-11&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=1&trim=1&use_submission_date=0 - Aurora 54: https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-11&keys=__none__!__none__!__none__&max_channel_version=aurora%252F54&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=1&trim=1&use_submission_date=0 - Beta 53: https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-06&keys=__none__!__none__!__none__&max_channel_version=beta%252F53&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-07&table=1&trim=1&use_submission_date=0 This is what the first test case of Desktop Download Warnings covers: https://testsafebrowsing.appspot.com/ It's possible we could hook into the same triggers as the download manager and simply show the malware interstitial prior to releasing the download to it. (The UI on Chrome is the same for DANGEROUS verdicts and URLs on the blacklist.)
Comment 1•6 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
Reporter | ||
Updated•6 years ago
|
Status: RESOLVED → REOPENED
Resolution: INACTIVE → ---
Reporter | ||
Comment 2•6 years ago
|
||
(In reply to François Marier [:francois] from comment #0) > Note that it would only affect a small number of downloads (0.01% of all > downloads): This statement is wrong. The probe I referenced is not per-download, but rather per-URL-check. So for example a given download might send a ping for the download URL, the redirect URL and the referrer URL (i.e. 3 pings in total). We don't yet have a per-download probe that could help us determine the proportion of downloads that would be affected.
Updated•2 years ago
|
Severity: normal → S3
Blocks: shavar-deprecation
You need to log in
before you can comment on or make changes to this bug.
Description
•