Closed Bug 410506 Opened 18 years ago Closed 18 years ago

phishing warning dangerously delayed

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 408164

People

(Reporter: jarith, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 I (moronically) fell for a phishing scam that seems to be floating around facebook right now. After clicking the link, I inputed my password and pushed submit. Since it's a fake site, it sent me back to the main page after the username and password was inputted. Just when I began to realize it was a fake, the firefox phishing warning FINALLY showed up, but by then it was too late. I have since changed my facebook password and removed any kind of information from my profile that would lead the phisher elsewhere. The most troubling thing about this incident, was that I use firefox to PROTECT me from this kind of garbage, and yet it didn't warn me until quite after it was too late. The delay in the phishing warning renders the protection almost completely useless; like a condom that only starts working after sex. Reproducible: Always Steps to Reproduce: 1. go to the link provided (not sure if it's safe, proceed at your own risk) 2. wait 3. the phishing warning pops up long after the time it would take to log in Actual Results: I got phished Expected Results: WARN ME.
In Firefox 3, the "grey out after loading" behaviour has been replaced with a "block the page before it ever loads" approach (see attachment 286321 [details] on bug 399233) that will check the list before there is any content. I know that didn't help you in this case though, and I'm sorry about that. I suggest marking this bug as WONTFIX (or FIXED, maybe?) because we are unlikely to change the anti-phishing UI in FF2 very much since we're replacing it in v3 anyhow, but I will defer to Tony there in case he has a different opinion.
I'm not warned at all about this site on Firefox 3. Is that expected?
I get the phishing error page immediately when I visit that site, in Firefox 3. Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b3pre) Gecko/2008010204 Minefield/3.0b3pre
Not working in FF2 is bug 408164, so marking as a dupe.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.