Bug 479103 (Closed)
Opened 16 years ago, closed 16 years ago
<script src="http://attack-site.com "> does not trigger safe-browsing alert
Categories: Toolkit :: Safe Browsing, defect
Status: VERIFIED DUPLICATE of bug 441359
People: Reporter: advax, Unassigned
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6
Build Identifier: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6
While following a link to a listed phishing site gives a big red alert and a red banner on each page if ignored, referring to a script on a listed site does not.
Nor does putting an image inline.
I don't have access to a real listed site to test exhaustively. If I create a page which sources a non-existent script on a listed site, Firefox silently downloads the URL from the site, as verified with Wireshark.
I have only tried a URL which returns 404.
The safe browsing filter should warn on any attempts to contact a listed site, whether by inline image, script, redirect, iframe, ftp etc. etc.
Reproducible: Always
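The report distinguishes top-level navigation (which is checked) from subresource loads (which are not). The following is an added example, not part of the bug report and not Firefox code: a defender-side audit that lists every tag in a page that would make the browser fetch from a listed host. The host list, the `audit` helper and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed list; the real Safe Browsing lists are not plain host names.
LISTED_HOSTS = {"attack-site.example"}
# Tag -> attributes that trigger a fetch without a top-level navigation.
FETCH_ATTRS = {
    "script": ("src",), "img": ("src",), "iframe": ("src",),
    "frame": ("src",), "embed": ("src",), "object": ("data",),
    "link": ("href",),
}

class SubresourceAuditor(HTMLParser):
    def __init__(self, base_url, listed_hosts):
        super().__init__()
        self.base_url = base_url
        self.listed = {h.lower() for h in listed_hosts}
        self.findings = []

    def _is_listed(self, host):
        # Match the listed host itself or any subdomain of it.
        host = host.lower().rstrip(".")
        return any(host == h or host.endswith("." + h) for h in self.listed)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCH_ATTRS.get(tag, ()):
            raw = attrs.get(name)
            if not raw:
                continue
            # Resolve relative and scheme-relative references; strip() covers
            # the trailing space seen in the bug title's src attribute.
            url = urljoin(self.base_url, raw.strip())
            if self._is_listed(urlsplit(url).hostname or ""):
                self.findings.append((tag, name, url))

def audit(html, base_url, listed_hosts=LISTED_HOSTS):
    parser = SubresourceAuditor(base_url, listed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page.
SAMPLE = """<html><head>
<script src="http://attack-site.example/missing.js "></script>
<link rel="stylesheet" href="/style.css"></head><body>
<img src="//cdn.attack-site.example/pixel.png">
<iframe src="ftp://attack-site.example/pub/"></iframe>
<img src="http://notattack-site.example/ok.png">
<a href="http://attack-site.example/">navigation, not a fetch</a>
</body></html>"""
```

Static parsing does not see redirects, CSS `url()` references or requests issued by scripts at run time, so a clean result here does not mean the page contacts no listed host.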
Reporter
Updated•16 years ago
Component: General → Phishing Protection
Updated•16 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Updated•16 years ago
Status: RESOLVED → VERIFIED
Assignee
Updated•11 years ago
Product: Firefox → Toolkit