Phishing protection crashes on a forgery that times out

RESOLVED WORKSFORME

Status

Toolkit
Safe Browsing
RESOLVED WORKSFORME
11 years ago
4 years ago

People

(Reporter: flore, Unassigned)

Tracking

2.0 Branch
PowerPC
Mac OS X

Firefox Tracking Flags

(Not tracked)

Attachments

(4 attachments)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

When a forgery page times out, the anti-phishing bugs and the anti-phishing window refuses to be closed.

Reproducible: Always

Steps to Reproduce:
1. I received a scam e-mail in Thunderbird (about a PayPal account) and, just for fun and to see the anti-phishing function in Firefox, I clicked on the link (ignoring Thunderbird's advice): http://202.129.35.178/~nakorn/image/wamu.html
2. The page takes a long time to load, so the time-out page was displayed. And the anti-phishing window appeared at the same time.
3. I clicked on the red cross to close the window. It doesn't work. Nor do any of the other buttons.
Actual Results:  
It is impossible to close the anti-phishing window, whatever I do.
If I close the tab, the icon on the address bar remains and the window briefly appears every time I open a new tab. In the same session, if I open the test phishing page ( http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html ), Firefox still bugs (I will provide screenshots).

Expected Results:  
The window should close normally when clicking on the appropriate buttons.

In a new session of Firefox, the Google test page works perfectly. This bug appears only when the forgery page times out.
(Reporter)

Comment 1

11 years ago
Created attachment 268667 [details]
The phishing window on the time out page refuses to be closed
(Reporter)

Comment 2

11 years ago
Created attachment 268668 [details]
The red icon in the location bar persists on every page.

This bug persists until I close the session.
(Reporter)

Comment 3

11 years ago
Created attachment 268671 [details]
The bug messes with every page in the same session.

I closed the Google phishing test page to get back to the first tab (Bugzilla), but the page displayed was still Google even though the location bar says the contrary.
After that, I quit Firefox to report the bug.

Updated

11 years ago
Version: unspecified → 2.0 Branch
Keywords: qawanted
This is going to be incredibly hard to test, so I'll keep an eye out for this. Hopefully a reproduction scenario (i.e. a long loading phishing site) will come up soon and test against Fx 3.x.

Comment 5

9 years ago
Firefox 3 replaces the entire page instead of using a bubble, so this bug is probably gone.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME
As per comment 5, the bubble no longer exists in Firefox 3; nor the location bar icon.  Removing QAWANTED, verifying WORKSFORME.
Status: RESOLVED → VERIFIED
Keywords: qawanted
Jesse & Anthony, the bug may be for Firefox 2.0, but we can't be sure whether this is or is not occurring on non-EOL'd branches of the browser until we find a phishing site that has a long timeout. 

You can't say there isn't a fire outside your room before checking the heat of your doorknob. This is still an unconfirmed bug until it can be properly triaged.
Status: VERIFIED → UNCONFIRMED
Resolution: WORKSFORME → ---
Um...the URL is in the original comment...

Comment 9

9 years ago
I doubt that's still an active phishing site.  To test this, add something like '15.15.15.15 www.mozilla.org' to your hosts file and then load http://www.mozilla.com/firefox/its-a-trap.html.  Be sure to do it in that order.
Created attachment 392099 [details]
Screenshot

Here's a screenshot showing the result you asked for in comment 9.

The following is a description of the screenshot (using a clock analogy):
1:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090801 Minefield/3.6a1pre
4:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
7:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.13) Gecko/2009073021 Firefox/3.0.13
10:30 -> Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Middle -> Hosts file

The following is my exact STR:
1. Open a terminal
2. sudo nano /private/etc/hosts
3. Add "15.15.15.15     www.mozilla.org" to the end of the file
4. Press CTRL+X, Y to save and exit
5. cat /private/etc/hosts (verify the contents of the file)
6. dscacheutil -flushcache (ensure dns cache is flushed)
7. Start Firefox 2.0.0.20 with -P -no-remote (create a new profile)
8. Go to http://www.mozilla.com/firefox/its-a-trap.html
9. Repeat steps 6, 7, 8 for Firefox 3.0.13
10. Repeat steps 6, 7, 8 for Firefox 3.5.2
11. Repeat steps 6, 7, 8 for Minefield

RESULT:
Firefox 2.0.0.20 -> Site is not blocked, "Tell me if the site I'm visiting is a suspected forgery" is unchecked and disabled (I cannot check it)
All Others -> "Reported Web Forgery" page appears

EXPECTED:
Not sure.  Jesse, please review what I have posted here and let us know if this is expected or not.  Thanks.

Comment 11

9 years ago
Given that the upper-left screenshot still shows the mozilla.org page, I don't think your hosts file change worked.  It should have caused a timeout error.

Bug 463347 explains why phishing protection has been disabled for Firefox 2.
(In reply to comment #11)
> Given that the upper-left screenshot still shows the mozilla.org page, I don't
> think your hosts file change worked.  It should have caused a timeout error.
> 
Perhaps you can give me some advice on how to make my hosts file "work".  I've tried flushing DNS cache and rebooting the computer.  I get the same results...
(In reply to comment #9)
> I doubt that's still an active phishing site.  To test this, add something like
> '15.15.15.15 www.mozilla.org' to your hosts file and then load
> http://www.mozilla.com/firefox/its-a-trap.html.  Be sure to do it in that
> order.

Why are you proposing adding an entry about mozilla._ORG_, and then visiting mozilla._COM_?

Besides - its-a-trap.html is a hardcoded test site. Visiting the "real" sites marked by Google as "bad" results in executing a quite different code path than when visiting one of the two hardcoded sites. (For this reason the better test site is probably http://ianfette.org/ (at least last time I checked it was present among the list of "real" "bad" sites in the Google database).)
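
The hostname mismatch raised in the comment above can be checked before a test run. As an added example (not code from this bug or from Firefox), this shell sketch reports whether the host in a URL is actually overridden by a hosts file; `url_host`, `hosts_override` and the sample file contents are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: does a hosts file override the host a test URL really uses?
# Function names and the sample file are hypothetical / constructed.

# url_host URL -> lower-cased hostname (hostnames and IPv4 only, no [IPv6]).
url_host() {
    h=${1#*://}      # drop scheme
    h=${h%%/*}       # drop path
    h=${h##*@}       # drop userinfo
    h=${h%%:*}       # drop port
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# hosts_override FILE URL -> prints the mapped address, returns 1 if no entry.
hosts_override() {
    file=$1
    host=$(url_host "$2")
    awk -v want="$host" '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)           # canonical name and aliases
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit !found }
    ' "$file"
}

# Constructed sample containing the entry used in the thread's steps.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1       localhost
# timeout test entry
15.15.15.15     www.mozilla.org   # unreachable address
EOF

for u in http://www.mozilla.org/ http://www.mozilla.com/firefox/its-a-trap.html; do
    if addr=$(hosts_override "$sample" "$u"); then
        echo "$u -> overridden to $addr"
    else
        echo "$u -> not overridden, normal DNS applies"
    fi
done
```

Pointing `hosts_override` at `/private/etc/hosts` with the exact URL to be loaded shows whether the timeout condition will apply to that page at all.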

Comment 14

9 years ago
Thanks for catching the .com vs .org mistake.

I'm pretty sure its-a-trap is not hardcoded into Firefox.
I'm pretty sure you're wrong.

http://mxr.mozilla.org/mozilla-central/source/browser/components/safebrowsing/content/malware-warden.js#67

Comment 16

9 years ago
Oh, I saw the variable name "testData" and assumed that was part of a test.

Comment 17

8 years ago
WFM using Firefox trunk on Mac OS X 10.5.  I added "15.15.15.15     www.mozilla.com" to /private/etc/hosts and loaded the phishing test page.  I got the antiphishing error page right away, even though other pages on www.mozilla.com take a long time to load.  No crash :)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago → 8 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

4 years ago
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit