Created attachment 302987 [details] Screenshot After I upgraded from Fx3 Beta 2 to Beta 3, the web forgery and malware protection don't seem to work any longer. Please see the attached screenshot. The same thing happens on <http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html> as well. I inspected the Security settings in the Options window, and I found out that "Check by asking Google about each site I visit" was selected. I'm not sure if this happened on its own or it was a mistake on my part, but I usually use "Check using a downloaded list of suspected sites" because of privacy concerns. Switching to "Check using a downloaded list of suspected sites" didn't change anything as well. So, basically, my current Firefox 3 profile in vulnerable to phishing and malware sites. Please let me know what data I can provide to assist in debugging this.
Getting this on Beta 4 radar...
Target Milestone: --- → Firefox 3 beta4
It's possible that between the two betas you've got to load the new database, and you haven't yet -- although I thought the "it's a trap" and "phish-o-rama" pages were hardcoded in as demonstrations and should work regardless. http://mxr.mozilla.org/firefox/source/browser/components/safebrowsing/content/phishing-warden.js#70 For me (with a nightly) the its-a-trap page is blocked but the google phish-o-rama page is not.
Assignee: nobody → dcamp
kTestUrls isn't used anywhere. See bug 401642 about phish-o-rama.
(In reply to comment #2) > It's possible that between the two betas you've got to load the new database, > and you haven't yet How should I have reloaded the new database? Is it something to do manually? Should the installer have handled it? Should it happen automatically? > -- although I thought the "it's a trap" and "phish-o-rama" > pages were hardcoded in as demonstrations and should work regardless. > > http://mxr.mozilla.org/firefox/source/browser/components/safebrowsing/content/phishing-warden.js#70 From comment 3, I can tell that this is no longer the case. > For me (with a nightly) the its-a-trap page is blocked but the google > phish-o-rama page is not. I guess it has something to do with the upgrade, because I haven't seen it in nightlies on the same machine. FWIW, it was an automatic update to Firefox 3 beta 3.
I don't think they should be hard-coded, as it's useful for them to act as tests that we're actually going out to the DB and checking the pages. We're going to get Google to add them into their DB, I believe, or have Google redirect the phish-o-rama page to our its-a-trap page. Blocking on ensuring that its-a-trap always works, not sure that I care deeply about phish-o-rama.
Flags: blocking-firefox3? → blocking-firefox3+
Priority: -- → P3
To be clear, Ehsan, can you confirm whether: http://www.mozilla.com/firefox/its-an-attack.html and http://www.mozilla.com/firefox/its-a-trap.html Trigger the warnings for you? If those two do trigger the warning, then yes, Mike is right, we should use this bug to track progress getting test urls build right in to the blacklist. If not, then your bug is something else, having to do maybe with the recent removal of the lookup-style ("Ask google every time") code, though I sort of doubt it.
(In reply to comment #6) > To be clear, Ehsan, can you confirm whether: > > http://www.mozilla.com/firefox/its-an-attack.html > and > http://www.mozilla.com/firefox/its-a-trap.html > > Trigger the warnings for you? :-/ Actually, they both seem to trigger the warning now. Even <http://www.joehewitt.com/> does trigger the warning. I swear no warning was shown when I filed the bug! ;-) There *was* something wrong with malware/forgery protection when I upgraded to Beta 3. I hate to see this being resolved as WORKSFORME, and leave the hole open in the code, but I can't repro this any more...
Target Milestone: Firefox 3 beta4 → Firefox 3
Dave - is it possible Ehsan just got caught in a DB reset or other wonkiness, and that we can close this WFM with a (reasonably) clear conscience? I haven't seen other live instances of this elsewhere...
resolving WFM, please reopen if you can still reproduce.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Priority: P3 → P2
Resolution: --- → WORKSFORME
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.