Closed Bug 1397546 Opened 2 years ago Closed 9 months ago

Allow Application Reputation lookups when the blacklist/whitelist is missing

Categories

(Toolkit :: Safe Browsing, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: francois, Assigned: dimi)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Currently, we disable remote Application Reputation lookups if either the  blacklist or whitelist are empty:

https://searchfox.org/mozilla-central/rev/67f38de2443e6b613d874fcf4d2cd1f2fc3d5e97/toolkit/components/downloads/ApplicationReputation.cpp#1266-1287

Chrome, on the other hand will happily do it even if the whitelist is not available:

https://cs.chromium.org/chromium/src/components/safe_browsing_db/v4_local_database_manager.cc?l=417&rcl=bd5b0a0372ff4d793715cda5269b9d5c7f806b2e

That's a safer default.
Priority: -- → P3
Blocks: 1397938
Assignee: nobody → dlee
Status: NEW → ASSIGNED
I confirmed that the latest Chromium source code did what francois mentioned in the bug description.
I'll provide the patch later, since this may impact the server, we will check with Google before landing the patch.
Before landing this patch, download protection doesn't trigger a remote lookup when
blocklist or allowlist is empty.

After landing this patch, download protection triggers a remote lookup
regardless if blocklist or allowlist is empty.

This is safer default behavior in download protection.
Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b7e40bdc132e
Allow Application Reputation lookups when the blacklist/whitelist is missing. r=francois
https://hg.mozilla.org/mozilla-central/rev/b7e40bdc132e
Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.