Closed Bug 1397546 Opened 7 years ago Closed 6 years ago

Allow Application Reputation lookups when the blacklist/whitelist is missing

Categories

(Toolkit :: Safe Browsing, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: francois, Assigned: dimi)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Currently, we disable remote Application Reputation lookups if either the blacklist or whitelist are empty: https://searchfox.org/mozilla-central/rev/67f38de2443e6b613d874fcf4d2cd1f2fc3d5e97/toolkit/components/downloads/ApplicationReputation.cpp#1266-1287 Chrome, on the other hand will happily do it even if the whitelist is not available: https://cs.chromium.org/chromium/src/components/safe_browsing_db/v4_local_database_manager.cc?l=417&rcl=bd5b0a0372ff4d793715cda5269b9d5c7f806b2e That's a safer default.
Priority: -- → P3
Blocks: 1397938
Assignee: nobody → dlee
Status: NEW → ASSIGNED
I confirmed that the latest Chromium source code did what francois mentioned in the bug description. I'll provide the patch later, since this may impact the server, we will check with Google before landing the patch.
Before landing this patch, download protection doesn't trigger a remote lookup when blocklist or allowlist is empty. After landing this patch, download protection triggers a remote lookup regardless if blocklist or allowlist is empty. This is safer default behavior in download protection.
Pushed by dlee@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b7e40bdc132e Allow Application Reputation lookups when the blacklist/whitelist is missing. r=francois
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: