Get phishing detection to cope with tags within link text

RESOLVED FIXED

Status

MailNews Core
Security
RESOLVED FIXED
12 years ago
5 years ago

People

(Reporter: Ian Neal, Assigned: Ian Neal)

Tracking

(4 keywords)

Trunk
fixed-seamonkey1.0.1, fixed-seamonkey1.1a, fixed1.8.0.2, fixed1.8.1
Bug Flags:
blocking-thunderbird2 +
blocking1.8.0.2 +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:spoof][qa:verified-tb-1802])

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

12 years ago
At the moment misMatchedHostWithLinkText does not cope with tags within the link text e.g. <a href='http://www.e1biotech.com/zboard/data/item1/Koreanp.php'>htt<font></font>ps://i<font></font>bank.b<font></font>arclay<font></font>s.c<font></font>o.uk/ol<font></font>b/p/LoginMem<font></font>ber.do</a>

This is because gatherTextUnder puts a space between each bit of text it gathers.
(Assignee)

Comment 1

12 years ago
Created attachment 210865 [details] [diff] [review]
Strip spaces patch v0.1a

This patch:
* Removes any spaces from linkNodeText prior to checking for http/https.
Assignee: mail → iann_bugzilla
Status: NEW → ASSIGNED
Attachment #210865 - Flags: review?(neil)

Comment 2

12 years ago
Comment on attachment 210865 [details] [diff] [review]
Strip spaces patch v0.1a

Might be worth moving the replace above the empty string test?
Attachment #210865 - Flags: review?(neil) → review+
(Assignee)

Comment 3

12 years ago
Created attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

Changes since v0.1a:
* Moved replace to before empty string check as per reviewer's comment

Carried forward r=
Attachment #210865 - Attachment is obsolete: true
Attachment #210877 - Flags: review+
(Assignee)

Updated

12 years ago
Attachment #210877 - Flags: superreview?(bienvenu)

Updated

12 years ago
Attachment #210877 - Flags: superreview?(bienvenu) → superreview+
Component: MailNews: Main Mail Window → MailNews: Security
Product: Mozilla Application Suite → Core
Whiteboard: [sg:spoof]
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

David, This is wanted for the 1.8 branch, right?
Attachment #210877 - Flags: branch-1.8.1?(bienvenu)
Attachment #210877 - Flags: approval1.8.0.2?
(Assignee)

Comment 5

12 years ago
Would it be wanted for the TB 1.0.x branch too?
Component: MailNews: Security → Build Config
Product: Core → Mozilla Application Suite

Comment 6

12 years ago
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

yes, for 1.8.1, I'll let Scott weigh in on 1.8.0.1
Attachment #210877 - Flags: branch-1.8.1?(bienvenu) → branch-1.8.1+
(Assignee)

Updated

12 years ago
Component: Build Config → Build Config
Product: Mozilla Application Suite → Core
(Assignee)

Updated

12 years ago
Component: Build Config → MailNews: Security

Comment 7

12 years ago
Iann, can you get this landed on the trunk and 1.8 branches so we can get some community test coverage on it before I approve it for the 1.8.0.x branch? Thanks. 
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

a=biesi on the seamonkey part for seamonkey 1.1
(Assignee)

Comment 9

12 years ago
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

Checking in (trunk)
mail/base/content/phishingDetector.js;
new revision: 1.16; previous revision: 1.15
mailnews/base/resources/content/phishingDetector.js;
new revision: 1.6; previous revision: 1.5
done
Checking in (branch 1.8.1)
mail/base/content/phishingDetector.js;
new revision: 1.12.2.3; previous revision: 1.12.2.2
mailnews/base/resources/content/phishingDetector.js;
new revision: 1.1.2.4; previous revision: 1.1.2.3
done
Attachment #210877 - Attachment description: Pre-empty string check patch v0.1b → Pre-empty string check patch v0.1b (Checked in trunk and 1.8.1 branch)
(Assignee)

Updated

12 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Keywords: fixed-seamonkey1.1a, fixed1.8.1
Resolution: --- → FIXED
Flags: blocking1.8.0.2+
Flags: blocking-thunderbird2+
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #210877 - Flags: approval1.8.0.2? → approval1.8.0.2+
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

a=me for sm 1.0.1

Comment 12

12 years ago
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

me2
(Assignee)

Comment 13

12 years ago
Comment on attachment 210877 [details] [diff] [review]
Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)

Checking in (1.8.0 branch)
mail/base/content/phishingDetector.js;
new revision: 1.12.2.1.4.1; previous revision: 1.12.2.1
mailnews/base/resources/content/phishingDetector.js;
new revision: 1.1.2.1.4.3; previous revision: 1.1.2.1.4.2
done
Attachment #210877 - Attachment description: Pre-empty string check patch v0.1b (Checked in trunk and 1.8.1 branch) → Pre-empty string check patch v0.1b (Checked in trunk and 1.8.0 & 1.8.1 branches)
(Assignee)

Updated

12 years ago
Keywords: fixed-seamonkey1.0.1, fixed1.8.0.2
Keywords: relnote

Comment 14

11 years ago
verified that the example link is identified in tb1.5.0.2/windows/20060308 as a phish.
Whiteboard: [sg:spoof] → [sg:spoof][qa:verified-tb-1802]
Group: security

Comment 15

11 years ago
*** Bug 324391 has been marked as a duplicate of this bug. ***
Product: Core → MailNews Core
Keywords: relnote
You need to log in before you can comment on or make changes to this bug.