Open Bug 778611 Opened 7 years ago Updated 2 years ago
Thunderbird should use toolkit Safe
Browsing code .
Bug 778608 moves the new SafeBrowsing.jsm into Toolkit. This should replace code in /mail/components/phishing/, and allow the removal of the browser.safebrowsing.provider.0 prefs (via bug 778606). See bug 769960 for the main refactoring that led to SafeBrowsing.jsm. There should be minimal fix-up to get it working, unless comm-central has unfortunately modified these files.
SeaMonkey will implement Safe Browsing in Bug 477718. I'm unlinking that bug as it's not directly relevant to Thunderbird.
No longer blocks: 477718
Summary: TB/SM should use toolkit SafeBrowsing code → Thunderbird should use toolkit SafeBrowsing code.
FYI: SeaMonkey's Safe Browsing landed on trunk today with bug 477718 and could be used as a template for what's necessary for Thunderbird to utilize it. Thanks Phil!
Unlike the SeaMonkey browser, the Thunderbird phishing detector needs to hook deeper into the url-classifier code. The current TB code (disabled and never enabled) at: http://mxr.mozilla.org/comm-central/source/mail/components/phishing/ Is based on a very old version of the Firefox safebrowsing code and needs severe updating. See in PROT_ListWarden.prototype.isEvilURL et al in list-warden.js As far as I can see the current multi-table query code is at: http://mxr.mozilla.org/seamonkey/source/toolkit/components/url-classifier/content/multi-querier.js But that hasn't been updated since 2006 so is unlikely to work
See also: SM Bug 836769 - Hook up MailNews feeds display to the Safe Browsing code so that the buttons and notifications work.
See Also: → 836769
Philip, Are you suggesting the change isn't easy as suggested in comment 0? It would be great to have this area modernized so that users can be/feel more safe. It should help address some of these bugs http://mzl.la/1SzFJuu And iirc, there are many complaints in support forums.
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #8) > Philip, Are you suggesting the change isn't easy as suggested in comment 0? > > It would be great to have this area modernized so that users can be/feel > more safe. > It should help address some of these bugs http://mzl.la/1SzFJuu > And iirc, there are many complaints in support forums. It's not that difficult. It just requires some work to hook up the UI to the toolkit SafeBrowsing code.
as suggested by Jim in https://bugzilla.mozilla.org/show_bug.cgi?id=320351#c66, it is possible to analyze the links contained in an email using the safebrowsing API. In addition, SafeBrowsing v4 is now supported in Mozilla Core.
You need to log in before you can comment on or make changes to this bug.