Closed Bug 756591 Opened 8 years ago Closed 7 years ago

safebrowsing should prevent activation event

Categories

(Firefox Graveyard :: SocialAPI, defect)

x86
macOS
defect
Not set

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

References

Details

We need to have some blocklist support for manifest files, including the ability to disable previously installed manifests if they end up in a blocklist
I guess this blocking will be implemented per origin rather than the full URL to the manifest (ie, so a domain we want to block can't just move the manifest to somewhere else on the domain and have it work?)  Under this assumption, I'm marking this as dependent on bug 756021 (which is where we are deciding exactly what the "origin" is in this world)
Depends on: 756021
implemented testing against safebrowsing for loading remote manifest files, pushed in change

https://github.com/mozilla/socialapi-dev/commit/e668ec63bb4e942fae6bbb36c2261c9f8caa76c6

We probably also want a more direct blocklist like AMO, or potentially even using the AMO blocklist directly.

We also need to consider when to recheck manifest files that made their way into the db, in case one later becomes a problem.
Severity: normal → blocker
Assignee: nobody → mixedpuppy
This is not a feature of v1 landing, not a blocker
Severity: blocker → normal
Whiteboard: [Fx17]
Whiteboard: [Fx17]
blocklist support using AMO is implemented in a patch on bug 755126
Depends on: 755126
Should this be duped to bug 755126 then? What would need to be done here that isn't included in 755126?
The one item here that isn't in bug 755126 is the safebrowsing support we used early on.  The benefit here would be to prevent activation from any site that gets a hit in safebrowsing.  Another potential use would be to softblock any installed provider that gets a hit in safebrowsing.
Summary: blocklist support for manifests → safebrowsing should prevent activation event
I don't really understand the new summary - safebrowsing doesn't let you load pages on the blacklist at all, so there's no additional work required to "prevent the activation event".
short talk with gavin, this isn't necessary.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.