Closed Bug 413919 Opened 17 years ago Closed 16 years ago

Phishing protection doesn't work for Firefox 3

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: whimboo, Unassigned)

References

Details

(Keywords: regression)

Attachments

(2 files)

Screenshot; wfm
103.61 KB, image/png
Details
I <3 Reed
112.11 KB, image/png
Details 
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b3pre) Gecko/2008011804 Minefield/3.0b3pre ID:2008011804

While verifying the patch of Tony on bug 367538 I noticed that no warning dialog is shown when opening one of the listed URLs within the Google black list: 

http://sb.google.com/safebrowsing/update?version=goog-black-url:1:-1

Many of the pages point to a 404 address meanwhile but Firefox 2 still shows the phishing alert while Firefox 3 doesn't. Same happens for nightly builds on Windows. After some searching I found a working URL which can be used to reproduce this issue:

http://classifiedsphilippines.com/userimgs/dert.htm

It doesn't happen for the its-a-trap page: http://www.mozilla.com/firefox//its-a-trap.html

Asking for blocking Firefox 3.
Flags: blocking-firefox3?
same as 413600 ? 
Could this be linked to bug 402469?

Also, when I click on the blacklist link above (http://sb.google.com/safebrowsing/update?version=goog-black-url:1:-1), I just see an empty page. Is that right?
We're using a different blacklist server in Firefox 3 (still Google, just different software) and the code in both Firefox and on the Google server are still "in progress". In addition the server doesn't yet have a full set of data.

Keep an eye on things for sure, but it's not a surprise FF3 doesn't yet catch everything FF2 does.
This is due to the way the Google SafeBrowsing service is sending updates to Firefox 3. We're working with them to resolve, and will soon be moving to the new version of the server spec.
Status: NEW → RESOLVED
Closed: 16 years ago
Flags: blocking-firefox3?
Resolution: --- → INVALID
Mike, so this is a server-side issue? If yes that's fine but if Firefox needs to be updated to use the new service shouldn't we have a tracker bug therefor?
As beltzner told on IRC this should be working now. Personally I still cannot see a warning. Do we have any working examples?

Further I'm surprised that this bug gets marked as invalid. It's a real open issue which affects Firefox.
(In reply to comment #9)
> Created an attachment (id=302375) [details]
> Screenshot; wfm

Something that's not hardcoded in the code, please?
Ok, I checked http://www.phishtank.com/ to get a list of known phishing sites. I tested a lot of them and I get a phishing warning now.

That's why I don't think that INVALID is the correct state of this bug. Due to its working now lets mark it as WFM.
Resolution: INVALID → WORKSFORME
Cool, thanks Henrik; verified.
Status: RESOLVED → VERIFIED
I just tried to reproduce this and I can. :/

I visited:

https://www.mybusinessbank.co.uk/cs70_banking/logon/slogon
http://classifiedsphilippines.com/userimgs/dert.htm
http://131.115.broadband.iol.cz/online.bancadiroma.it/index.php
http://76.162.161.220/private/avirtual1-bancatlan.com/PYMES/hlogin.htm
http://82.115.26.230/www.irs.gov/irfofgetstatus.htm

and never saw the warning. And I have had Firefox open for a long time (at least 10 hours today I'm guessing.) The urlclassifier3.sqlite is 13.2 MB.

And I can also get to those five sites without a warning on a clean profile that's been open about 2-3 hours.

Can anyone else reproduce?
(In reply to comment #14)
> I just tried to reproduce this and I can. :/
> 
> I visited:
> 
> https://www.mybusinessbank.co.uk/cs70_banking/logon/slogon
> ...

D'oh! I just realized that is actually the legitimate Alliance & Leicester site; please disregard that URL. The other ones are all genuine phishing sites though :)
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: