Closed Bug 756591 Opened 13 years ago Closed 12 years ago

safebrowsing should prevent activation event

Categories

(Firefox Graveyard :: SocialAPI, defect)

Product:
Firefox Graveyard
Component:
SocialAPI
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

References

Details

We need to have some blocklist support for manifest files, including the ability to disable previously installed manifests if they end up in a blocklist
I guess this blocking will be implemented per origin rather than the full URL to the manifest (ie, so a domain we want to block can't just move the manifest to somewhere else on the domain and have it work?) Under this assumption, I'm marking this as dependent on bug 756021 (which is where we are deciding exactly what the "origin" is in this world)
Depends on: 756021
implemented testing against safebrowsing for loading remote manifest files, pushed in change https://github.com/mozilla/socialapi-dev/commit/e668ec63bb4e942fae6bbb36c2261c9f8caa76c6 We probably also want a more direct blocklist like AMO, or potentially even using the AMO blocklist directly. We also need to consider when to recheck manifest files that made their way into the db, in case one later becomes a problem.
Severity: normal → blocker
Assignee: nobody → mixedpuppy
This is not a feature of v1 landing, not a blocker
Severity: blocker → normal
Whiteboard: [Fx17]
Whiteboard: [Fx17]
blocklist support using AMO is implemented in a patch on bug 755126
Depends on: 755126
Should this be duped to bug 755126 then? What would need to be done here that isn't included in 755126?
The one item here that isn't in bug 755126 is the safebrowsing support we used early on. The benefit here would be to prevent activation from any site that gets a hit in safebrowsing. Another potential use would be to softblock any installed provider that gets a hit in safebrowsing.
Summary: blocklist support for manifests → safebrowsing should prevent activation event
I don't really understand the new summary - safebrowsing doesn't let you load pages on the blacklist at all, so there's no additional work required to "prevent the activation event".
short talk with gavin, this isn't necessary.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.