Closed
Bug 406505
Opened 17 years ago
Closed 17 years ago
minefield blocks https://www.paypal.com/cgi-bin/webscr for one profile, but not others
Categories
(Toolkit :: Safe Browsing, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 406865
People
(Reporter: moco, Unassigned)
References
()
Details
Attachments
(1 file)
|
230.34 KB,
image/jpeg
|
Details |
screen shot
firefox blocks https://www.paypal.com/cgi-bin/webscr (as malware) for one profile, but not others. disabling malware checking (browser.safebrowsing.malware.enabled) confirms it is malware and not phishing. note, we tried to remove urlclassifier2.sqlite, but that didn't seem to help. (hmm, according to lxr, the file is urlclassifier3.sqlite? I don't seem to have that file.) polvi has the profile that can reproduce this, in case you want to look at any files. He has already use the web service (at google.com?) to tell them that this is not a scam. I'm worried something else is going on.
|
Reporter | |
Comment 1•17 years ago
|
||
he's using a recent, trunk mac os x build (from november 30, 2007 or more recently) polvi, can you include the exact build id?
Summary: firefox blocks https://www.paypal.com/cgi-bin/webscr for one profile, but not others → minefield blocks https://www.paypal.com/cgi-bin/webscr for one profile, but not others
|
|
Reporter | |
Comment 2•17 years ago
|
||
|
||
Comment 3•17 years ago
|
||
(In reply to comment #0) > note, we tried to remove urlclassifier2.sqlite, but that didn't seem to help. > (hmm, according to lxr, the file is urlclassifier3.sqlite? I don't seem to > have that file.) urlclassifier3.sqlite is the current name for the sqlite database that holds this data, so removing urlclassifier2.sqlite won't help any. http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp&rev=1.38&mark=117#116
|
|
Reporter | |
Comment 4•17 years ago
|
||
ah, I have ~/Library/Caches/Firefox/Profiles/pkv0yecg.default/urlclassifier3.sqlite but I also have: ~/Library/Application Support/Firefox/Profiles/pkv0yecg.default/urlclassifier2.sqlite That's why I got confused. povli, I bet finding and removing that ~/Library/Caches/Firefox/Profiles/*.default/urlclassifier3.sqlite would fix it for you, but don't do that yet, please save a copy of that. (as dcamp might need to inspect it?) dcamp: it seems like a potential bug that polvi has one urlclassifier3.sqlite that thinks that https://www.paypal.com/cgi-bin/webscr is malware, no?
|
||
Comment 5•17 years ago
|
||
(In reply to comment #1) > he's using a recent, trunk mac os x build (from november 30, 2007 or more > recently) > > polvi, can you include the exact build id? Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b2pre) Gecko/2007113004 Minefield/3.0b2pre Are there any privacy implications of posting the urlclassifiers3.sqlite to this bug?
|
|
||
Comment 6•17 years ago
|
||
(In reply to comment #4) > povli, I bet finding and removing that > ~/Library/Caches/Firefox/Profiles/*.default/urlclassifier3.sqlite would fix it > for you, but don't do that yet, please save a copy of that. (as dcamp might > need to inspect it?) yep, it fixed it. I have the copy laying around if needed...
|
||
Comment 7•17 years ago
|
||
(In reply to comment #5) > Are there any privacy implications of posting the urlclassifiers3.sqlite to > this bug? There is no personally identifying information in urlclassifier3.sqlite. The data in it is the same data that is passed to all Minefield users (with varying chunks) and sent in the clear from Google's servers. Please post it.
|
|
||
Comment 8•17 years ago
|
||
(In reply to comment #7) > (In reply to comment #5) > > Are there any privacy implications of posting the urlclassifiers3.sqlite to > > this bug? > > There is no personally identifying information in urlclassifier3.sqlite. The > data in it is the same data that is passed to all Minefield users (with varying > chunks) and sent in the clear from Google's servers. Please post it. http://polvi.net/~polvi/urlclassifier3.sqlite (use wget) Excited to hear what you find!
|
||
Comment 9•17 years ago
|
||
(In reply to comment #0) > disabling malware checking (browser.safebrowsing.malware.enabled) confirms it > is malware and not phishing. Actually due to 405685, that pref will disable both checks. The screenshot implies it's phishing.
|
|
Reporter | |
Comment 10•17 years ago
|
||
> Actually due to 405685, that pref will disable both checks. The screenshot implies it's phishing.
I used the pref ui (and not the actual pref) to help narrow down the problem.
It sounds like I might have been confused about which one I had enabled and which one I didn't.|
|
||
Comment 11•17 years ago
|
||
(In reply to comment #10) > It sounds like I might have been confused about which one I had enabled and > which one I didn't. You're not confused. I just tested this with a clean profile on the latest nightly using the urlclassifier posted above: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b2pre) Gecko/2007120304 Minefield/3.0b2pre Using the pref pane: Preferences -> Security case 1) "Tell me if ... suspected attack site" - checked "Tell me if ... suspected forgery" - checked result: screen shot case 2) "Tell me if ... suspected attack site" - unchecked "Tell me if ... suspected forgery" - checked result: paypal loads case 3) "Tell me if ... suspected attack site" - checked "Tell me if ... suspected forgery" - unchecked result: screen shot case 3) "Tell me if ... suspected attack site" - unchecked "Tell me if ... suspected forgery" - unchecked result: paypal loads Looks like something is getting mixed up!
|
|
||
Comment 12•17 years ago
|
||
(In reply to comment #11) > Looks like something is getting mixed up! Right, 405685.
|
|
||
Comment 13•17 years ago
|
||
Google confirms that this url was at one point blacklisted, but has been since removed from the blacklist. I zeroed out the sub chunk list, disabled the update timeout and let it spin updating for awhile. Eventually google sent me a sub that expired that entry. I suspect this was caused by 406621. We were dropping entries from add and sub chunks, we might have dropped this sub. But I'm going to leave this separate for the moment so I can verify things a bit better.
|
|
||
Comment 14•17 years ago
|
||
So two bugs have been fixed in beta 2 that could leave formerly blacklisted urls in the database, and some server problems in early november could have led to blacklisted urls not being removed. Between those bug fixes and 406865 (which clobbers databases that were created before these bugs were fixed), I am going to close this bug (I'm duping to 406865 since that has more information and the right deps).
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
|
Assignee | |
Updated•10 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•