Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ja; rv:22.214.171.124) Gecko/2009011912 Firefox/3.0.6

While sitting on release testing I noticed in the l10n testruns in Litmus that the Phishing filter breaks for profiles which were created by another locale. The red alert box isn't displayed anymore and users will be redirected to the malicious page! There is no way to stop this behavior, unless you delete the urlclassifier3.sqlite file. After this step the Phishing filter starts working again.

I did no further investigation yet and will run further tests on other platforms and for 1.9.1/1.9.2.

Here are the steps to reproduce the behavior:

1. Download the en-US build of Firefox 3.0.6 build1
2. Create a new profile with that locale
3. Start Firefox with that profile and wait until the urlclassifier3.sqlite is getting downloaded (for now I haven't done any timing tests)
4. Open http://www.mozilla.com/firefox/its-a-trap.html
   => Alert box is shown and user is protected by the filter
5. Download the fr build of Firefox 3.0.6 build1
6. Start the fr build with the profile created by the en-US build
7. Open http://www.mozilla.com/firefox/its-a-trap.html
   => No alert box is shown and user lands on the malicious webpage
8. Start the en-US build again with the same profile
9. Open http://www.mozilla.com/firefox/its-a-trap.html
   => Alert box is shown again

This could be a security issue. So flagging it as a security bug for now, as stated by Samuel.
Dave and I are investigating this.
I ran the same test with the latest nightly build on 1.9.1 and 1.9.2. Both versions are affected too.
Tested a bit, and it appears that real phishing/malware pages are being blocked reliably; this seems to be specific to the test URLs.
Dave, do we have a list of pages somewhere I can easily access?
And this isn't a new issue either so we don't need to block 126.96.36.199 on it or anything. The paranoid in me wanted it filed as security-sensitive, though investigation seems to say we can probably open it. Let's keep it closed 'til we're 100% sure.
That question is entirely too difficult to answer :/ If your profile has been around for long enough, ianfette.org is a good malware test that comes from the real server. phistank.org generally has a good list of recent phishes, Google usually has a few from the first page or two, I happened to find http://www.artdollmaking.com/PayPal.fr/
(In reply to comment #6)
> If your profile has been around for long enough, ianfette.org is a good malware
> test that comes from the real server.

On that website I don't even get an alert with such a profile while it is working with the original locale.

> phistank.org generally has a good list of recent phishes

Mmh. This website cannot be found.
(In reply to comment #7)
> (In reply to comment #6)
> > If your profile has been around for long enough, ianfette.org is a good malware
> > test that comes from the real server.
>
> On that website I don't even get an alert with such a profile while it is
> working with the original locale.

Yeah, might not have the complete phishing list yet.

> > phistank.org generally has a good list of recent phishes
> Mmh. This website cannot be found.

phishtank.org
So can we open this bug to the public since it only affects our demonstration page?
(In reply to Henrik Skupin (:whimboo) from comment #9)
> So can we open this bug to the public since it only affects our demonstration
> page?

I don't see any reason for this to be private any more.
Closed during front end sg triage - this looks like it only impacted the test page, and also refers to an older implementation of the safebrowsing code.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit