Unresolved URLs lead to unnecessary DNS lookup for stopbadware.org

RESOLVED FIXED

Status

()

P5
normal
RESOLVED FIXED
9 years ago
2 years ago

People

(Reporter: mweinstein, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)

[This is likely cross-platform, but I only tested on the x86 version under Win XP.]

If you run a network sniffer and use Firefox to navigate to a host that will not resolve via DNS (or set your computer to use a DNS server that doesn't exist, which has the same effect), you will see attempts to resolve the requested host, followed by an attempt to resolve stopbadware.org. This happens even though the "host not found" error page in Firefox does not load any content from stopbadware.org. (No additional requests for data are made to stopbadware.org after the hostname is resolved.)

Reproducible: Always

Steps to Reproduce:
1. Start a packet sniffer, such as wireshark
2. Start Firefox
3. Browse to a host that won't resolve via DNS
4. Check sniffer log
Actual Results:  
Shows a query for an A record for stopbadware.org

Expected Results:  
should not query stopbadware.org
I suspect this is DNS pre-fetch twigging off the fact that our strings for the neterror page include one that links to stopbadware, even though those strings are removed shortly after the page is loaded. 

http://mxr.mozilla.org/mozilla-central/source/browser/locales/en-US/chrome/overrides/netError.dtd#157

Given that we use about:blocked for our safebrowsing error pages instead of neterror, we should just change those strings in the browser override dtd to not contain links. (We can't just delete them, since it will lead to undefined entities when the error page is loaded, in the split-second before those strings are removed.
Status: UNCONFIRMED → NEW
Component: General → Phishing Protection
Ever confirmed: true
QA Contact: general → phishing.protection
(Assignee)

Updated

4 years ago
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
Comment hidden (spam)
We no longer link to stopbadware.org from these pages, so I think that's no longer an issue.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
OS: Windows XP → Unspecified
Priority: -- → P5
Hardware: x86 → Unspecified
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.