Closed Bug 317720 Opened 16 years ago Closed 15 years ago

Some emails use <area href> to get round phishing detection

Categories

(SeaMonkey :: MailNews: Message Display, defect)

(Type: defect, Priority: Not set, Severity: normal)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: iann_bugzilla, Assigned: iann_bugzilla)

Details

(Keywords: fixed-seamonkey1.0, fixed1.8.1)

Attachments

(2 files, 2 obsolete files)

See paste from recent phishy email:
<html><p><font face="Arial"><A HREF="http://www.personal.barclays.co.uk/goto/pfsolb_login"><map name="FPMap0"><area coords="0, 0, 434, 307" shape="rect" href="http://200.176.40.9:680/rock/Isa/"></map><img SRC="cid:part1.03000602.05060503@custservice_14998@barclays.co.uk" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFFE">Prom Hairstyles Weather Hungry Liberians  select location from  would you like to pay  </font></p></html>
This patch:
* Adds a check on <area> tag href attributes for possible phishes
Assignee: mail → iann_bugzilla
Status: NEW → ASSIGNED
Attachment #204143 - Flags: review?(neil.parkwaycc.co.uk)
Flags: blocking-seamonkey1.0b?
Comment on attachment 204143 [details] [diff] [review]
Patch to add checks on area tags v0.1

IMHO you should have used document.links in the first case; this includes all a and area tags with href attributes.
Attachment #204143 - Flags: review?(neil.parkwaycc.co.uk) → review-
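
The difference between checking only anchors and checking every link, shown on the reported message. This is an added example, not the patch from this bug or the project's code. Assumptions: a regex tag scan stands in for the DOM collections so it runs under Node, the sample is a trimmed copy of the paste above, and the numeric-host test is an illustrative heuristic that the bug itself does not describe.

```javascript
// Constructed sample: trimmed copy of the message body quoted in this bug.
const SAMPLE =
  '<A HREF="http://www.personal.barclays.co.uk/goto/pfsolb_login">' +
  '<map name="FPMap0"><area coords="0, 0, 434, 307" shape="rect" ' +
  'href="http://200.176.40.9:680/rock/Isa/"></map>' +
  '<img src="cid:part1" border="0" usemap="#FPMap0"></A>';

// Return the href of every start tag whose name is listed in tagNames.
// Simplified scan: assumes no ">" inside attribute values.
function hrefsOf(html, tagNames) {
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const hrefRe = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const out = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (!tagNames.includes(m[1].toLowerCase())) continue;
    const h = hrefRe.exec(m[2]);
    if (h) out.push(h[1] || h[2] || h[3] || "");
  }
  return out;
}

// Assumed heuristic (not taken from this bug): a link whose host is a
// dotted-decimal IPv4 literal is treated as suspicious.
function hasNumericHost(url) {
  let host;
  try {
    host = new URL(url).hostname;
  } catch (e) {
    return false; // relative or malformed URL: nothing to judge here
  }
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

function suspiciousLinks(html, tagNames) {
  return hrefsOf(html, tagNames).filter(hasNumericHost);
}

// Anchors only: the outer <a> points at the genuine site, so nothing is flagged.
const anchorsOnly = suspiciousLinks(SAMPLE, ["a"]);
// Every href-bearing <a> and <area>, which is what document.links covers.
const allLinks = suspiciousLinks(SAMPLE, ["a", "area"]);
console.log(anchorsOnly.length, allLinks);
```
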
Changes since v0.1:
* Removed checking of anchors and areas
* Added checking of all links instead
Attachment #204143 - Attachment is obsolete: true
Attachment #204156 - Flags: review?(neil.parkwaycc.co.uk)
Comment on attachment 204156 [details] [diff] [review]
Patch to change check to all links v0.1a

I haven't tested this but it looks OK.

>+      isEmailScam = forms[index].action.search("addbook") != 0;
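Review bot: The comparison search("addbook") != 0 on this line exempts any form action that merely begins with the characters "addbook", because nothing requires the scheme's colon to follow, and it relies on the -1 "not found" result also being unequal to 0. Testing for the full scheme prefix including the colon, anchored at the start of the action, would limit the exemption to addbook: URLs and state the intent directly.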
Nit: !/^addbook:/.test(forms[index].action)
(I assume here that addbook: is the special add to address book scheme used by vcards)
Attachment #204156 - Flags: review?(neil.parkwaycc.co.uk)
Changes since v0.1a:
* Revised form action check as per Neil's comment and tested.
Attachment #204156 - Attachment is obsolete: true
Attachment #204227 - Flags: review?(neil.parkwaycc.co.uk)
Attachment #204227 - Flags: review?(neil.parkwaycc.co.uk) → review+
Attachment #204227 - Flags: superreview?(bienvenu)
Comment on attachment 204227 [details] [diff] [review]
link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)

I'll let Scott look at this...
Attachment #204227 - Flags: superreview?(bienvenu) → superreview?(mscott)
Comment on attachment 204227 [details] [diff] [review]
link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)

Thanks for porting the fix to tbird too.
Attachment #204227 - Flags: superreview?(mscott) → superreview+
Comment on attachment 204227 [details] [diff] [review]
link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)

Checking in
mail/base/content/phishingDetector.js;
new revision: 1.15; previous revision: 1.14
mailnews/base/resources/content/phishingDetector.js;
new revision: 1.4; previous revision: 1.3
done
Attachment #204227 - Attachment description: link test action patch v0.1b → link test action patch v0.1b (Checked in)
Comment on attachment 204227 [details] [diff] [review]
link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)

Requesting approval for branch, low risk and gives slightly improved phishing detection for TB and SM
Attachment #204227 - Flags: approval1.8.0.1?
Comment on attachment 204227 [details] [diff] [review]
link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)

Iann, I'm gonna minus this nomination because 1.8.0.x is the flag for the 1.8 security releases and this isn't a serious security issue.

There's a 1.8.1 approval flag which I don't see here for seamonkey bugs (?) which you could nominate this for.
Attachment #204227 - Flags: approval1.8.0.1? → approval1.8.0.1-
Unfortunately, it can't block SeaMonkey 1.0 Beta if it can't land in 1.8.0.x
Flags: blocking-seamonkey1.0b? → blocking-seamonkey1.0b-
This is a SeaMonkey only part of patch v0.1b for checkin to branch.
Carrying forward r and sr and requesting branch approval for this low risk patch which gives better phishing detection for the user
Attachment #205088 - Flags: superreview+
Attachment #205088 - Flags: review+
Attachment #205088 - Flags: approval1.8.0.1?
Attachment #205088 - Flags: approval1.8.0.1? → approval-seamonkey1.0?
Comment on attachment 205088 [details] [diff] [review]
SeaMonkey only version of patch for branch v0.1b_sm (Checked into branch 1.8 & 1.8.0)

a=me for the SeaMonkey-only change
Comment on attachment 205088 [details] [diff] [review]
SeaMonkey only version of patch for branch v0.1b_sm (Checked into branch 1.8 & 1.8.0)

Checking in
phishingDetector.js;
new revision: 1.1.2.2; previous revision: 1.1.2.1
done
Attachment #205088 - Attachment description: SeaMonkey only version of patch for branch v0.1b_sm → SeaMonkey only version of patch for branch v0.1b_sm (Checked into branch)
I'll leave this open for possible check in of TB part to 1.8.1 branch
Whiteboard: fixed-seamonkey1.0
Comment on attachment 205088 [details] [diff] [review]
SeaMonkey only version of patch for branch v0.1b_sm (Checked into branch 1.8 & 1.8.0)

Checking in (branch 1.8.0)
phishingDetector.js;
new revision: 1.1.2.1.4.1; previous revision: 1.1.2.1
done
Attachment #205088 - Attachment description: SeaMonkey only version of patch for branch v0.1b_sm (Checked into branch) → SeaMonkey only version of patch for branch v0.1b_sm (Checked into branch 1.8 & 1.8.0)
Comment on attachment 204227 [details] [diff] [review]
link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)

I'd like to get this in for Thunderbird 2.0. Lemme know if you need me to land this on the 1.8.1 branch for you.
Attachment #204227 - Flags: approval1.8.1+
Comment on attachment 204227 [details] [diff] [review]
link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)

Checking in (branch 1.8)
phishingDetector.js;
new revision: 1.12.2.2; previous revision: 1.12.2.1
done
Attachment #204227 - Attachment description: link test action patch v0.1b (Checked in) → link test action patch v0.1b (Checked in trunk, TB part in branch 1.8)
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
Whiteboard: fixed-seamonkey1.0