Closed Bug 555504 Opened 16 years ago Closed 6 years ago

Attack Site Report does not appear on "I feel lucky" search

Categories

(Firefox :: Security, defect)

x86
Linux
defect
Not set
major

RESOLVED INCOMPLETE

People

(Reporter: eduardo.m.costa, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8

If a site is reported as an "Attack Site", Firefox opens a nice red screen explaining that fact. If this site is the first on a Google keyword search, and I type it on the address bar, the site will be opened WITHOUT passing the report.

I'm from Brazil, and a fast-food company "Giraffas" got their site attacked - and it is redirecting to "94.102.55.9". If I type "giraffas" on the address bar, Google's lucky search finds "www.novositedogiraffas.com", that is bound to the attack site, and FF opens without error! If I do the same search on Google first, the report appears as desired.

Reproducible: Always

Steps to Reproduce:
1. Type a keyword search on the address bar that leads to an attack site

Actual Results:
The attack site opens

Expected Results:
Attack Site Report must be opened instead of the site

I found this bug because of an attack on another site. This example will not work too long.
Thinking this is more a google issue.
How do you figure that's a google issue? Firefox periodically downloads a list of phishing and malware sites and then checks the sites we visit against that list. In theory that check should happen no matter how or where we link to that site. I wasn't aware that the google lucky search got a free pass on that.
Marc, I never said it should get a free pass. I'm just wondering if maybe on how google redirects with the I'm feeling lucky, that it could be something there. Just putting it out. In theory, exactly. But is, somehow, I'm feeling lucky working differently?
I see. You think there might be something in how firefox is handling lucky, not that google should be doing something different. My bad.
We don't have any logic in our anti-phishing/malware code that considers the state of google's feeling lucky results. The database contents are often quite specific to particular pages, though - so it's possible that the result of typing into the location bar is taking you to a different page on the same host which has not been added to the list. At any rate, I can't reproduce the inconsistency you describe with the steps you've provided - typing "giraffas" in the location bar, or visiting www.novositedogiraffas.com directly both result in a successful page load.
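The point in the comment above, that list entries are often specific to particular pages, shown as an added example (not part of the bug thread and not Firefox's code). It assumes the host-suffix/path-prefix lookup scheme published for the Safe Browsing protocol, uses plain strings instead of hash prefixes, skips URL canonicalization, and the `example.test` names and both lists are constructed.

```javascript
// Host candidates: the exact host, plus up to four suffixes taken from the
// last five labels. The bare top-level label is never tried; IPs are exact only.
function hostSuffixes(host) {
  if (/^\d+(\.\d+){3}$/.test(host)) return [host];
  const labels = host.split(".");
  const out = [host];
  for (let i = Math.max(1, labels.length - 5); i <= labels.length - 2; i++) {
    out.push(labels.slice(i).join("."));
  }
  return out;
}

// Path candidates: exact path with query, exact path, then "/" and up to
// three further directory prefixes.
function pathPrefixes(pathname, search) {
  const out = search ? [pathname + search, pathname] : [pathname];
  const parts = pathname.split("/").filter(Boolean);
  const dirs = ["/"];
  let prefix = "/";
  for (let i = 0; i < parts.length - 1 && dirs.length < 4; i++) {
    prefix += parts[i] + "/";
    dirs.push(prefix);
  }
  for (const d of dirs) if (!out.includes(d)) out.push(d);
  return out;
}

// Every host/path combination that would be checked against the local list.
function lookupExpressions(rawUrl) {
  const u = new URL(rawUrl);
  const exprs = [];
  for (const h of hostSuffixes(u.hostname)) {
    for (const p of pathPrefixes(u.pathname, u.search)) exprs.push(h + p);
  }
  return exprs;
}

function isListed(rawUrl, list) {
  return lookupExpressions(rawUrl).some((e) => list.has(e));
}

// Constructed lists: one names a single page, the other a whole registered domain.
const PAGE_LIST = new Set(["shop.example.test/promo/landing.html"]);
const HOST_LIST = new Set(["example.test/"]);
```

With `PAGE_LIST`, only the listed page matches and the site root on the same host does not; with `HOST_LIST`, every URL under the domain matches.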
This will be hard to reproduce. To make things worse (for me), I'm behind a proxy here and that error appeared at home. Even on an Amazon EC2 instance (using FF 3.5.8) I can't reproduce - the report appears as desired. I will check it again tonight. Maybe the problem occurs when I use .com.br's lucky search (instead of .com) or is a bizarre IP route problem. BTW, as of 15:59 GMT, it should appear an attack report for you! If the fastfood page loaded, you reproduced the error! :)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE