Phishing/Malware Page "Ignore Warning" is cached

RESOLVED INVALID

Status

()

RESOLVED INVALID
7 years ago
5 years ago

People

(Reporter: devd, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
Go to http://www.mozilla.org/firefox/its-a-trap.html
click on ignore warning.

Now you will see the page, but with an infobar warning at the top. Now open 
http://www.mozilla.org/firefox/its-a-trap.html in a new tab, and you will go to the page directly, instead of being shown a warning.

You can also close the tab with the infobar warning, and any new loads don't trigger the warning either.

This is caused by http://mxr.mozilla.org/mozilla-central/source/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#4062 having only the choices: MALWARE, PHISHING, OR SAFE. This means the URL classifier can't report "USER OVERRIDE", which the browser can then use to display the warning.
(Reporter)

Comment 1

7 years ago
I haven't tested this, but I suspect this also means that the phishing page can trivially also open itself in a new window (or maybe just refresh, or navigate to a safe page and go back), thus bypassing the warning.
The caching is the intended behavior according to bug 468313 except the missing warning on reload but that is not what the summary describes as problem.

This report looks invalid....
Intended, see comment 2.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.