Closed
Bug 1397546
Opened 7 years ago
Closed 6 years ago
Allow Application Reputation lookups when the blacklist/whitelist is missing
Categories
(Toolkit :: Safe Browsing, enhancement, P3)
Toolkit
Safe Browsing
Tracking
()
RESOLVED
FIXED
mozilla65
Tracking | Status | |
---|---|---|
firefox65 | --- | fixed |
People
(Reporter: francois, Assigned: dimi)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
Currently, we disable remote Application Reputation lookups if either the blacklist or whitelist are empty:
https://searchfox.org/mozilla-central/rev/67f38de2443e6b613d874fcf4d2cd1f2fc3d5e97/toolkit/components/downloads/ApplicationReputation.cpp#1266-1287
Chrome, on the other hand will happily do it even if the whitelist is not available:
https://cs.chromium.org/chromium/src/components/safe_browsing_db/v4_local_database_manager.cc?l=417&rcl=bd5b0a0372ff4d793715cda5269b9d5c7f806b2e
That's a safer default.
Reporter | ||
Updated•7 years ago
|
Priority: -- → P3
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → dlee
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•6 years ago
|
||
I confirmed that the latest Chromium source code did what francois mentioned in the bug description.
I'll provide the patch later, since this may impact the server, we will check with Google before landing the patch.
Assignee | ||
Comment 2•6 years ago
|
||
Before landing this patch, download protection doesn't trigger a remote lookup when
blocklist or allowlist is empty.
After landing this patch, download protection triggers a remote lookup
regardless if blocklist or allowlist is empty.
This is safer default behavior in download protection.
Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b7e40bdc132e
Allow Application Reputation lookups when the blacklist/whitelist is missing. r=francois
Comment 4•6 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in
before you can comment on or make changes to this bug.
Description
•