Closed Bug 397360 Opened 18 years ago Closed 18 years ago

privacy: unwanted connections to sb.google.com

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: guninski, Unassigned)

Details

privacy: unwanted connections to sb.google.com latest trunk on internet connected linux with clean profile. safe browsing is disabled, about:config confirms it. home page is about:blank after starting firefox visit http://localhost. IDS alarms "malicious activity on eth0": POST /safebrowsing/downloads?client=navclient-auto-ffox&appver=3.0a9pre&pver=2.0 HTTP/1.1 Host: sb.google.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a9pre) Gecko/2007092404 Minefield/3.0a9pre if cookies are enabled a cookie is added. server replies with 400 "bad request" but i don't care at all about the server.
So disable Safe Browsing in Tools > Options > Security > Tell me if the site I am visiting is a suspected forgery.
Ignore me ktnx!
(In reply to comment #1) > So disable Safe Browsing in Tools > Options > Security > Tell me if the site I > am visiting is a suspected forgery. > of course this is first thing i do on a new profile. so it is done. from about:config browser.safebrowsing.enabled = false an easy way to reproduce is to run a sniffer on the internet interface.
I tried reproducing this with a new profile with nothing else than a prefs.js with user_pref("browser.safebrowsing.enabled", false); and user_pref("browser.startup.page", 0); in it. No connections over port 80 were made, except the Gmail Notifier application sometimes but that is an independent program. Are you sure you have no programs which connect to Google?
(In reply to comment #4) > I tried reproducing this with a new profile with nothing else than a prefs.js > with user_pref("browser.safebrowsing.enabled", false); and > user_pref("browser.startup.page", 0); in it. > No connections over port 80 were made, except the Gmail Notifier application > sometimes but that is an independent program. Are you sure you have no programs > which connect to Google? > no google programs or addons. user agent advertises as firefox trunk. don't even have gmail account. have you tried disabling safe browsing from the UI as the first thing on a new profile, then restart firefox then sniff?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a9pre) Gecko/2007092423 Minefield/3.0a9pre I only see a quick attempt to connect to 127.0.0.1 over port 80 followed by the immediate browser message that it is unable to connect, but nothing else from Firefox.
(In reply to comment #6) > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a9pre) Gecko/2007092423 > Minefield/3.0a9pre > > I only see a quick attempt to connect to 127.0.0.1 over port 80 followed by the > immediate browser message that it is unable to connect, but nothing else from > Firefox. > well i have httpd server on my localhost. have you tried opening any non google url and check for a cookie from google (assuming you have cookies enabled)? with yesterday's trunk.
just accessing random non google url doesn't trigger it with today's trunk. perform some activity not related to google - like gnu.org. download trunk from https://ftp.mozilla.org. wait about 5 minutes. watch the sniffer for sb.google.com and check for a google cookie. repeating: browser.safebrowsing.enabled = false
(In reply to comment #6) > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a9pre) Gecko/2007092423 > Minefield/3.0a9pre > as stated in the bug, OS is linux so you windows seems irrelevant to this bug.
just starting trunk with home page about:blank, so called safebrowsing disabled and waiting 2 to 5 minutes causes connection to sb.l.google.com according to sniffer.
and you get a google cookie without doing anything
I noticed this happening until I set browser.safebrowsing.malware.enabled to false.
So where are we getting the list to check against malware? eg: http://www.mozilla.com/firefox/its-an-attack.html Is that from google too? And if so, is that enabled/disabled using browser.safebrowsing.malware.enabled (whilst anti-phishing is controlled by browser.safebrowsing.enabled) ?
(In reply to comment #13) > So where are we getting the list to check against malware? > > eg: http://www.mozilla.com/firefox/its-an-attack.html > > Is that from google too? Yes. > And if so, is that enabled/disabled using > browser.safebrowsing.malware.enabled (whilst anti-phishing is controlled by > browser.safebrowsing.enabled) ? Yes. There's going to be UI to disable malware blocking, but I don't know if that bug is filed already.
looks like the Malware blocking UI bug is filed as bug 397841 Anything else to do on this bug if the UI is added?
Nope, looks to me like this is INVALID.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.