Open
Bug 778611
Opened 12 years ago
Updated 11 months ago
Thunderbird should use toolkit SafeBrowsing code.
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
NEW
People
(Reporter: Dolske, Unassigned)
References
(Blocks 1 open bug)
Details
Bug 778608 moves the new SafeBrowsing.jsm into Toolkit. This should replace code in /mail/components/phishing/, and allow the removal of the browser.safebrowsing.provider.0 prefs (via bug 778606). See bug 769960 for the main refactoring that led to SafeBrowsing.jsm. There should be minimal fix-up to get it working, unless comm-central has unfortunately modified these files.
Reporter
Updated•12 years ago
OS: Mac OS X → All
Hardware: x86 → All
Comment 1•11 years ago
SeaMonkey will implement Safe Browsing in Bug 477718. I'm unlinking that bug as it's not directly relevant to Thunderbird.
No longer blocks: 477718
Summary: TB/SM should use toolkit SafeBrowsing code → Thunderbird should use toolkit SafeBrowsing code.
FYI: SeaMonkey's Safe Browsing landed on trunk today with bug 477718 and could be used as a template for what's necessary for Thunderbird to utilize it. Thanks Phil!
xref SeaMonkey bug 836769 (RSS feeds) and bug 837386 (mail/news messages).
Comment 4•11 years ago
Unlike the SeaMonkey browser, the Thunderbird phishing detector needs to hook deeper into the url-classifier code. The current TB code (disabled and never enabled) at:
http://mxr.mozilla.org/comm-central/source/mail/components/phishing/
Is based on a very old version of the Firefox safebrowsing code and needs severe updating. See in PROT_ListWarden.prototype.isEvilURL et al in list-warden.js

As far as I can see the current multi-table query code is at:
http://mxr.mozilla.org/seamonkey/source/toolkit/components/url-classifier/content/multi-querier.js
But that hasn't been updated since 2006 so is unlikely to work
Comment 5•11 years ago
See also: SM Bug 836769 - Hook up MailNews feeds display to the Safe Browsing code so that the buttons and notifications work.
See Also: → 836769
Comment 8•9 years ago
Philip, Are you suggesting the change isn't easy as suggested in comment 0?

It would be great to have this area modernized so that users can be/feel more safe.
It should help address some of these bugs http://mzl.la/1SzFJuu
And iirc, there are many complaints in support forums.
Flags: needinfo?(philip.chee)
Comment 9•9 years ago
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #8)
> Philip, Are you suggesting the change isn't easy as suggested in comment 0?
>
> It would be great to have this area modernized so that users can be/feel
> more safe.
> It should help address some of these bugs http://mzl.la/1SzFJuu
> And iirc, there are many complaints in support forums.

It's not that difficult. It just requires some work to hook up the UI to the toolkit SafeBrowsing code.
Flags: needinfo?(philip.chee)
Comment 10•7 years ago
As suggested by Jim in https://bugzilla.mozilla.org/show_bug.cgi?id=320351#c66, it is possible to analyze the links contained in an email using the safebrowsing API. In addition, SafeBrowsing v4 is now supported in Mozilla Core.
Updated•2 years ago
Severity: normal → S3
Comment 11•11 months ago
Still seeing a lot of phishing emails going through the spam detector, although quite trained.
Doing phishing email detection with SafeBrowsing has the significant advantage that no training is required.