Closed
Bug 397360
Opened 17 years ago
Closed 17 years ago
privacy: unwanted connections to sb.google.com
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: guninski, Unassigned)
Details
privacy: unwanted connections to sb.google.com latest trunk on internet connected linux with clean profile. safe browsing is disabled, about:config confirms it. home page is about:blank after starting firefox visit http://localhost. IDS alarms "malicious activity on eth0": POST /safebrowsing/downloads?client=navclient-auto-ffox&appver=3.0a9pre&pver=2.0 HTTP/1.1 Host: sb.google.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a9pre) Gecko/2007092404 Minefield/3.0a9pre if cookies are enabled a cookie is added. server replies with 400 "bad request" but i don't care at all about the server.
|
||
Comment 1•17 years ago
|
||
So disable Safe Browsing in Tools > Options > Security > Tell me if the site I am visiting is a suspected forgery.
|
|
||
Comment 2•17 years ago
|
||
Ignore me ktnx!
|
Reporter | |
Comment 3•17 years ago
|
||
(In reply to comment #1) > So disable Safe Browsing in Tools > Options > Security > Tell me if the site I > am visiting is a suspected forgery. > of course this is first thing i do on a new profile. so it is done. from about:config browser.safebrowsing.enabled = false an easy way to reproduce is to run a sniffer on the internet interface.
|
||
Comment 4•17 years ago
|
||
I tried reproducing this with a new profile with nothing else than a prefs.js with user_pref("browser.safebrowsing.enabled", false); and user_pref("browser.startup.page", 0); in it.
No connections over port 80 were made, except the Gmail Notifier application sometimes but that is an independent program. Are you sure you have no programs which connect to Google?
|
|
Reporter | |
Comment 5•17 years ago
|
||
(In reply to comment #4) > I tried reproducing this with a new profile with nothing else than a prefs.js > with user_pref("browser.safebrowsing.enabled", false); and > user_pref("browser.startup.page", 0); in it. > No connections over port 80 were made, except the Gmail Notifier application > sometimes but that is an independent program. Are you sure you have no programs > which connect to Google? > no google programs or addons. user agent advertises as firefox trunk. don't even have gmail account. have you tried disabling safe browsing from the UI as the first thing on a new profile, then restart firefox then sniff?
|
|
||
Comment 6•17 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a9pre) Gecko/2007092423 Minefield/3.0a9pre I only see a quick attempt to connect to 127.0.0.1 over port 80 followed by the immediate browser message that it is unable to connect, but nothing else from Firefox.
|
|
Reporter | |
Comment 7•17 years ago
|
||
(In reply to comment #6) > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a9pre) Gecko/2007092423 > Minefield/3.0a9pre > > I only see a quick attempt to connect to 127.0.0.1 over port 80 followed by the > immediate browser message that it is unable to connect, but nothing else from > Firefox. > well i have httpd server on my localhost. have you tried opening any non google url and check for a cookie from google (assuming you have cookies enabled)? with yesterday's trunk.
|
|
Reporter | |
Comment 8•17 years ago
|
||
just accessing random non google url doesn't trigger it with today's trunk. perform some activity not related to google - like gnu.org. download trunk from https://ftp.mozilla.org. wait about 5 minutes. watch the sniffer for sb.google.com and check for a google cookie. repeating: browser.safebrowsing.enabled = false
|
|
Reporter | |
Comment 9•17 years ago
|
||
(In reply to comment #6) > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a9pre) Gecko/2007092423 > Minefield/3.0a9pre > as stated in the bug, OS is linux so you windows seems irrelevant to this bug.
|
|
Reporter | |
Comment 10•17 years ago
|
||
just starting trunk with home page about:blank, so called safebrowsing disabled and waiting 2 to 5 minutes causes connection to sb.l.google.com according to sniffer.
|
|
Reporter | |
Comment 11•17 years ago
|
||
and you get a google cookie without doing anything
|
||
Comment 12•17 years ago
|
||
I noticed this happening until I set browser.safebrowsing.malware.enabled to false.
|
|
||
Comment 13•17 years ago
|
||
So where are we getting the list to check against malware? eg: http://www.mozilla.com/firefox/its-an-attack.html Is that from google too? And if so, is that enabled/disabled using browser.safebrowsing.malware.enabled (whilst anti-phishing is controlled by browser.safebrowsing.enabled) ?
|
||
Comment 14•17 years ago
|
||
(In reply to comment #13) > So where are we getting the list to check against malware? > > eg: http://www.mozilla.com/firefox/its-an-attack.html > > Is that from google too? Yes. > And if so, is that enabled/disabled using > browser.safebrowsing.malware.enabled (whilst anti-phishing is controlled by > browser.safebrowsing.enabled) ? Yes. There's going to be UI to disable malware blocking, but I don't know if that bug is filed already.
|
||
Comment 15•17 years ago
|
||
looks like the Malware blocking UI bug is filed as bug 397841 Anything else to do on this bug if the UI is added?
|
|
||
Comment 16•17 years ago
|
||
Nope, looks to me like this is INVALID.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•