Closed Bug 384764 Opened 17 years ago Closed 15 years ago

Phishing protection crashes on a forgery that times out

Product/Component: Toolkit :: Safe Browsing
Version: 2.0 Branch
Platform: PowerPC, macOS
Type: defect
Priority: Not set
Severity: normal

Status: RESOLVED WORKSFORME

Reporter: flore
Assignee: Unassigned

Attachments: 4 files

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

When a forgery page times out, the anti phishing bugs and the anti phishing window refuses to be closed.

Reproducible: Always

Steps to Reproduce:
1. I received a scam e-mail in Thunderbird (about a PayPal account) and, just for fun and to see the anti-phishing function in Firefox, I clicked on the link (ignoring Thunderbird's advice): http://202.129.35.178/~nakorn/image/wamu.html
2. The page takes a long time to load, so the time-out page was displayed. And the anti-phishing window appeared at the same time.
3. I clicked on the red cross to close the window. It doesn't work. Nor do any of the other buttons.

Actual Results:
It is impossible to close the anti-phishing window, whatever I do.
If I close the tab, the icon on the address bar remains and the window briefly appears every time I open a new tab. In the same session, if I open the test phishing page ( http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html ) Firefox still bugs (I will provide screenshots).

Expected Results:  
The window should close normally when clicking on the appropriate buttons.

On a new session of Firefox the Google test page works perfectly. This bug appears only when the forgery page times out.
This bug persists until I close the session.
I closed the Google phishing test page to get back to the first tab (Bugzilla), but the page displayed was still Google even though the location bar says the contrary.
After that, I quit Firefox to report the bug.
Version: unspecified → 2.0 Branch
This is going to be incredibly hard to test, so I'll keep an eye out for this. Hopefully a reproduction scenario (i.e. a long-loading phishing site) will come up soon and test against Fx 3.x.
Firefox 3 replaces the entire page instead of using a bubble, so this bug is probably gone.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
As per comment 5, the bubble no longer exists in Firefox 3; nor the location bar icon.  Removing QAWANTED, verifying WORKSFORME.
Status: RESOLVED → VERIFIED
Keywords: qawanted
Jesse & Anthony, the bug may be for Firefox 2.0, but we can't be sure whether this is or is not occurring on non-EOL'd branches of the browser until we find a phishing site that has a long timeout. 

You can't say there isn't a fire outside your room before checking the heat of your doorknob. This is still an unconfirmed bug until it can be properly triaged.
Status: VERIFIED → UNCONFIRMED
Resolution: WORKSFORME → ---
Um...the URL is in the original comment...
I doubt that's still an active phishing site.  To test this, add something like '15.15.15.15 www.mozilla.org' to your hosts file and then load http://www.mozilla.com/firefox/its-a-trap.html.  Be sure to do it in that order.
Attached image Screenshot
Here's a screenshot showing the result you asked for in comment 9.

The following is a description of the screenshot (using a clock analogy):
1:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090801 Minefield/3.6a1pre
4:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
7:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.13) Gecko/2009073021 Firefox/3.0.13
10:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Middle -> Hosts file

The following is my exact STR:
1. Open a terminal
2. sudo nano /private/etc/hosts
3. Add "15.15.15.15     www.mozilla.org" to the end of the file
4. Press CTRL+X, Y to save and exit
5. cat /private/etc/hosts (verify the contents of the file)
6. dscacheutil -flushcache (ensure dns cache is flushed)
7. Start Firefox 2.0.0.20 with -P -no-remote (create a new profile)
8. Go to http://www.mozilla.com/firefox/its-a-trap.html
9. Repeat steps 6, 7 and 8 for Firefox 3.0.13
10. Repeat steps 6, 7 and 8 for Firefox 3.5.2
11. Repeat steps 6, 7 and 8 for Minefield

RESULT:
Firefox 2.0.0.20 -> Site is not blocked, "Tell me if the site I'm visiting is a suspected forgery" is unchecked and disabled (I cannot check it)
All Others -> "Reported Web Forgery" page appears

EXPECTED:
Not sure.  Jesse, please review what I have posted here and let us know if this is expected or not.  Thanks.
Given that the upper-left screenshot still shows the mozilla.org page, I don't think your hosts file change worked.  It should have caused a timeout error.

Bug 463347 explains why phishing protection has been disabled for Firefox 2.
(In reply to comment #11)
> Given that the upper-left screenshot still shows the mozilla.org page, I don't
> think your hosts file change worked.  It should have caused a timeout error.
> 
Perhaps you can give me some advice on how to make my hosts file "work".  I've tried flushing DNS cache and rebooting the computer.  I get the same results...
(In reply to comment #9)
> I doubt that's still an active phishing site.  To test this, add something like
> '15.15.15.15 www.mozilla.org' to your hosts file and then load
> http://www.mozilla.com/firefox/its-a-trap.html.  Be sure to do it in that
> order.

Why are you proposing adding entry about mozilla._ORG_, and then visiting mozilla._COM_?

Besides - its-a-trap.html is a hardcoded test site. Visiting the "real" sites marked by Google as "bad" results in executing quite different code path than when visiting one of the two hardcoded sites. (For this reason the better test site is probably http://ianfette.org/ (at least last time I checked it was present among the list of "real" "bad" sites in Google database).)
Thanks for catching the .com vs .org mistake.

I'm pretty sure its-a-trap is not hardcoded into Firefox.
Oh, I saw the variable name "testData" and assumed that was part of a test.
WFM using Firefox trunk on Mac OS X 10.5.  I added "15.15.15.15     www.mozilla.com" to /private/etc/hosts and loaded the phishing test page.  I got the antiphishing error page right away, even though other pages on www.mozilla.com take a long time to load.  No crash :)
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Product: Firefox → Toolkit
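
The .org/.com mismatch that derailed the first reproduction attempt can be caught before the browser is started. The following is an added example, not part of the bug report or of Mozilla's code: a shell check that a hosts-file entry actually covers the hostname of the URL to be loaded. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that a hosts-file override covers the URL under test.

# Reduce a URL to its lowercase hostname (drops scheme, path, userinfo, port).
url_host() {
    printf '%s\n' "$1" |
        sed -e 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||' -e 's|[/?#].*$||' \
            -e 's|^[^@]*@||' -e 's|:[0-9]*$||' |
        tr 'A-Z' 'a-z'
}

# Print the address a hosts file maps HOST to; exit status 1 if no entry.
hosts_lookup() {
    awk -v want="$1" '
        { sub(/#.*/, "") }      # drop comments, including commented-out entries
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit !found }
    ' "$2"
}

# Say whether loading URL would hit the override in HOSTS_FILE.
check_override() {
    host=$(url_host "$1")
    if addr=$(hosts_lookup "$host" "$2"); then
        echo "$host -> $addr (override applies)"
    else
        echo "$host has no hosts entry (request goes to the real server)"
        return 1
    fi
}

# Constructed sample file holding the .org entry from the first attempt.
sample=$(mktemp)
printf '127.0.0.1\tlocalhost\n15.15.15.15     www.mozilla.org\n' > "$sample"
check_override "http://www.mozilla.com/firefox/its-a-trap.html" "$sample" || true
check_override "http://www.mozilla.org/" "$sample" || true
rm -f "$sample"
```

On the macOS setup described in the thread, pass /private/etc/hosts as the second argument.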