Thunderbird should use toolkit SafeBrowsing code.

NEW
Unassigned

Status

Thunderbird
Security
6 years ago
11 months ago

People

(Reporter: Dolske, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
Bug 778608 moves the new SafeBrowsing.jsm into Toolkit. This should replace code in /mail/components/phishing/, and allow the removal of the browser.safebrowsing.provider.0 prefs (via bug 778606). See bug 769960 for the main refactoring that led to SafeBrowsing.jsm. There should be minimal fix-up to get it working, unless comm-central has unfortunately modified these files.
(Reporter)

Updated

6 years ago
OS: Mac OS X → All
Hardware: x86 → All

Updated

6 years ago
Blocks: 477718

Updated

6 years ago
Blocks: 368924, 654502

Comment 1

6 years ago
SeaMonkey will implement Safe Browsing in Bug 477718. I'm unlinking that bug as it's not directly relevant to Thunderbird.
No longer blocks: 477718
Summary: TB/SM should use toolkit SafeBrowsing code → Thunderbird should use toolkit SafeBrowsing code.

Comment 2

6 years ago
FYI: SeaMonkey's Safe Browsing landed on trunk today with bug 477718 and could be used as a template for what's necessary for Thunderbird to utilize it. Thanks Phil!

Comment 3

6 years ago
xref SeaMonkey bug 836769 (RSS feeds) and bug 837386 (mail/news messages).

Updated

5 years ago
See Also: → bug 477718

Updated

5 years ago
Blocks: 849694

Comment 4

5 years ago
Unlike the SeaMonkey browser, the Thunderbird phishing detector needs to hook deeper into the url-classifier code. The current TB code (disabled and never enabled) at:

http://mxr.mozilla.org/comm-central/source/mail/components/phishing/

Is based on a very old version of the Firefox safebrowsing code and needs severe updating.

See in PROT_ListWarden.prototype.isEvilURL et al in list-warden.js

As far as I can see the current multi-table query code is at:
http://mxr.mozilla.org/seamonkey/source/toolkit/components/url-classifier/content/multi-querier.js
But that hasn't been updated since 2006 so is unlikely to work

Comment 5

5 years ago
See also:
SM Bug 836769 - Hook up MailNews feeds display to the Safe Browsing code so that the buttons and notifications work.
See Also: → bug 836769

Updated

5 years ago
Duplicate of this bug: 368924

Updated

5 years ago
Duplicate of this bug: 474713

Updated

5 years ago
No longer blocks: 368924

Comment 8

3 years ago
Philip, Are you suggesting the change isn't easy as suggested in comment 0?

It would be great to have this area modernized so that users can be/feel more safe.
It should help address some of these bugs http://mzl.la/1SzFJuu
And iirc, there are many complaints in support forums.
Flags: needinfo?(philip.chee)

Comment 9

3 years ago
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #8)
> Philip, Are you suggesting the change isn't easy as suggested in comment 0?
> 
> It would be great to have this area modernized so that users can be/feel
> more safe.
> It should help address some of these bugs http://mzl.la/1SzFJuu
> And iirc, there are many complaints in support forums.

It's not that difficult. It just requires some work to hook up the UI to the toolkit SafeBrowsing code.
Flags: needinfo?(philip.chee)

Comment 10

11 months ago
as suggested by Jim in https://bugzilla.mozilla.org/show_bug.cgi?id=320351#c66, it is possible to analyze the links contained in an email using the safebrowsing API. In addition, SafeBrowsing v4 is now supported in Mozilla Core.
You need to log in before you can comment on or make changes to this bug.