User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:184.108.40.206) Gecko/20070219 Firefox/220.127.116.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20070219 Firefox/22.214.171.124 (note: I investigate Phish sites, so I have Phish Warnings off by default) Clicking a link in an email message launches FF and promptly displays the "Suspected Web Forgery" dialog, even though I have disabled it in the Options Security panel. This does not happen on subsequently loaded URLs in that session. Reproducible: Always Steps to Reproduce: (See details) Actual Results: (See details) Expected Results: browser.safebrowsing.enabled=false should be obeyed This is not high priority for me, let alone anyone else. But if you're in the neighborhood of the offending code.........
I'm having a hard time reproducing. I started Firefox on a new profile, disabled phishing protection in the options dialog, then set my home page to a site on this list: http://sb.google.com/safebrowsing/update?version=goog-black-url:1:-1 When I restarted Firefox, I didn't see the phishing warning. Is this with the same profile or multiple profiles?
Please change Reproducible: Always to Reproducible: approximately 2 out of 5 tries on a moderately loaded profile This appears to be a race condition, and definitely could depend on the startup load of a particular profile. Thank you for that link. I shall try to reproduce on various profiles and report back. Obviously, I will test a default profile. Do you have any suggestions for add-ons that would be a good test of a heavily loaded profile that would affect startup timing? And finally, does this have broader implications, or do you also see this as quite low on the priority scale? (Just so I know how much work to put into it.)
The URL I chose was ... http://www.volksbank.de.networld.onlineid25147492.moremi3or.biz/vr/ ... which currently is in the list. I am launching FF via Start, Run, http://www.volksbank.de.networld.onlineid25147492.moremi3or.biz/vr/ [OK button] With a default profile, Phishing Protection on via list or lookup, I get the warning. With Phishing Protection off, I get the warning 0 out of 5 tries. With my profile, Phishing Protection off, I get the warning 5 out of 5 tries. My extensions: Enabled Extensions: (14) Adblock Filterset.G Updater 0.3.0.5 Adblock Plus 0.7.2.4 Check4Change 1.6 Google Browser Sync 1.3.20061031.0 Image Zoom 0.2.7 Live HTTP Headers 0.13.1 QuickJava 0.4.2.1 RefControl 0.8.9 ShowIP 0.8.05 Talkback 126.96.36.199 Tamper Data 9.8.1 Web Developer 1.1.3 WOT 20070226 Please let me know if you want further information.
PS: You might notice I only listed 13 extentions, when 14 are mentioned. Listzilla (which made the nice list) was the 14th but was not installed during my test.
> If this is happening in the remote lookup mode > (browser.safebrowsing.remoteLookups also set to true), it may have some privacy > implications since the URL of the page would be sent to a third party against > the user's wishes. Okay, I tested this and, unfortunately, you are correct. There is a undesired conversation with sb.l.google.com in that particular case. I went to Options and enabled Phishing Protection and chose Remote Lookups. After confirming that this brought the alert as expected, I then disabled Phishing Protection by clearing the checkmark via the options panel. I then did Start, Run, http://www.volksbank.de.networld.onlineid25147492.moremi3or.biz/vr/ and the alert appeared. Wireshark captured the following conversation: No. Time Source Destination Protocol Info 122 19.144923 192.168.177.116 sb.l.google.com HTTP GET /safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client=navclient-auto-ffox188.8.131.52&mozver=184.108.40.206-2007021917&encver=1&nonce=1380457&wrkey=MTqVMiu4pq6PMjr-TeknUsZS&encparams=7bJ5Bkxuo0HhKOMIjiEIlj33Rl%2By6C%2BDLsOsbH%2FojNCSi1cbjznzHaSqlQN5Fz4mwghTFmY2r%2FHySpyDfWNoaUHkoV5U5IX7FbswBWKfe9w%3D& HTTP/1.1 Hypertext Transfer Protocol GET /safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client=navclient-auto-ffox220.127.116.11&mozver=18.104.22.168-2007021917&encver=1&nonce=1380457&wrkey=MTqVMiu4pq6PMjr-TeknUsZS&encparams=7bJ5Bkxuo0HhKOMIjiEIlj33Rl%2By6C%2BDLsOsbH%2 Host: sb.google.com\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:22.214.171.124) Gecko/20070219 Firefox/126.96.36.199\r\n Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n Accept-Language: en-us,en;q=0.5\r\n Accept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Keep-Alive: 300\r\n Connection: keep-alive\r\n Cookie: [removed by author] \r\n No. Time Source Destination Protocol Info 125 19.184894 sb.l.google.com 192.168.177.116 HTTP HTTP/1.1 200 OK (text/plain) Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n Content-Type: text/plain\r\n Content-Encoding: gzip\r\n Server: TrustRank Frontend\r\n Cache-Control: private, x-gzip-ok=""\r\n Content-Length: 31 Date: Mon, 26 Feb 2007 22:03:59 GMT\r\n \r\n Content-encoded entity body (gzip): 31 bytes -> 11 bytes Line-based text data: text/plain ... I do want to add that the Wireshark experiment did reveal that I had 5 RSS feeds in the bookmarks toolbar, so -- in addition to the startup timing delays caused by add-ons, these feeds were queried as part of startup, too. Hope that helps.