Closed
Bug 997759
Opened 10 years ago
Closed 10 years ago
SafeBrowsing malware and phishing tables do not update
Categories
(Toolkit :: Safe Browsing, defect)
Tracking
()
VERIFIED
FIXED
mozilla31
People
(Reporter: gcp, Assigned: mmc)
References
Details
Attachments
(1 file, 1 obsolete file)
3.95 KB,
patch
|
gcp
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Firefox 29 beta (8?), Windows 8.1 Install on a fresh profile. Wait 15 minutes. SafeBrowsing tables for goog-badbinurl-shavar and goog-downloadwhite-digest256 are updated. Tables goog-malware-shavar and goog-phish-shavar are NOT updated nor ever downloaded. As a result, phishing and malware protection will not work.
Reporter | ||
Updated•10 years ago
|
status-firefox29:
--- → affected
tracking-firefox29:
--- → ?
Reporter | ||
Updated•10 years ago
|
Assignee: nobody → mmc
Reporter | ||
Comment 1•10 years ago
|
||
http://mxr.mozilla.org/mozilla-beta/source/modules/libpref/src/init/all.js#4499 http://mxr.mozilla.org/mozilla-beta/source/modules/libpref/src/init/all.js#4500 http://mxr.mozilla.org/mozilla-beta/source/toolkit/components/url-classifier/SafeBrowsing.jsm#13 http://mxr.mozilla.org/mozilla-beta/source/toolkit/components/url-classifier/SafeBrowsing.jsm#44 I'm guessing we didn't update listmanager to know about multiple lists :-/
Reporter | ||
Comment 2•10 years ago
|
||
This was regressed by bug 989232, but it's really bug 98562 that broke it. The changed prefs were just forgotten in the initial beta landing of 98562 and landed with 989232.
Reporter | ||
Comment 4•10 years ago
|
||
This affects all versions where the changed prefs landed: Beta, Aurora, Nightly.
status-firefox30:
--- → affected
status-firefox31:
--- → affected
tracking-firefox30:
--- → ?
tracking-firefox31:
--- → ?
Reporter | ||
Updated•10 years ago
|
Summary: SafeBrowsing malware and phishing tables do not update on fresh profiles → SafeBrowsing malware and phishing tables do not update
Assignee | ||
Comment 5•10 years ago
|
||
Assignee | ||
Comment 6•10 years ago
|
||
Assignee | ||
Updated•10 years ago
|
Attachment #8408366 -
Attachment is obsolete: true
Assignee | ||
Comment 7•10 years ago
|
||
Comment on attachment 8408368 [details] [diff] [review] Prefs for phishing and malware tables are comma-sep lists ( Review of attachment 8408368 [details] [diff] [review]: ----------------------------------------------------------------- Tested manually on fresh profile on Linux. mchew@mchew-12604:~/mozilla-central$ ls -al ~/.cache/mozilla/firefox/32kbzwgp.safebrowsing\ test/safebrowsing/ total 1676 drwxr-xr-x 2 mchew mchew 4096 Apr 17 09:47 . drwx------ 8 mchew mchew 4096 Apr 17 09:47 .. -rw-r--r-- 1 mchew mchew 12 Apr 17 09:47 goog-badbinurl-shavar.cache -rw-r--r-- 1 mchew mchew 243224 Apr 17 09:47 goog-badbinurl-shavar.pset -rw-r--r-- 1 mchew mchew 254940 Apr 17 09:47 goog-badbinurl-shavar.sbstore -rw-r--r-- 1 mchew mchew 12 Apr 17 09:47 goog-malware-shavar.cache -rw-r--r-- 1 mchew mchew 281148 Apr 17 09:47 goog-malware-shavar.pset -rw-r--r-- 1 mchew mchew 376017 Apr 17 09:47 goog-malware-shavar.sbstore -rw-r--r-- 1 mchew mchew 12 Apr 17 09:47 goog-phish-shavar.cache -rw-r--r-- 1 mchew mchew 314774 Apr 17 09:47 goog-phish-shavar.pset -rw-r--r-- 1 mchew mchew 190924 Apr 17 09:47 goog-phish-shavar.sbstore -rw-r--r-- 1 mchew mchew 44 Apr 17 09:47 test-malware-simple.cache -rw-r--r-- 1 mchew mchew 16 Apr 17 09:47 test-malware-simple.pset -rw-r--r-- 1 mchew mchew 232 Apr 17 09:47 test-malware-simple.sbstore -rw-r--r-- 1 mchew mchew 44 Apr 17 09:47 test-phish-simple.cache -rw-r--r-- 1 mchew mchew 16 Apr 17 09:47 test-phish-simple.pset -rw-r--r-- 1 mchew mchew 232 Apr 17 09:47 test-phish-simple.sbstore
Attachment #8408368 -
Flags: review?(gpascutto)
Updated•10 years ago
|
Assignee | ||
Comment 8•10 years ago
|
||
Comment on attachment 8408368 [details] [diff] [review] Prefs for phishing and malware tables are comma-sep lists ( gcp and I chatted about this on irc, but he's away right now. [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 985623 and bug 989232 (fixed uplift from bug 985623) User impact if declined: Safebrowsing updates are broken and phishing/malware protection is off. Testing completed (on m-c, etc.): Manually on m-c Risk to taking this patch (and alternatives if risky): Risky because it's late in the cycle (I'm really sorry about that). Alternatives are rolling back 985623 and 989232 on beta, which is also pretty risky. String or IDL/UUID changes made by this patch: None. Btw, I filed bug 967568 for mozmill testing which would have caught this and will try to expedite that.
Attachment #8408368 -
Flags: approval-mozilla-beta?
Attachment #8408368 -
Flags: approval-mozilla-aurora?
Reporter | ||
Comment 9•10 years ago
|
||
Comment on attachment 8408368 [details] [diff] [review] Prefs for phishing and malware tables are comma-sep lists ( Review of attachment 8408368 [details] [diff] [review]: ----------------------------------------------------------------- ::: toolkit/components/url-classifier/SafeBrowsing.jsm @@ +14,5 @@ > +// all the ones containining "test", because we never need to ask for updates > +// for them. > +const phishingLists = Services.prefs.getCharPref("urlclassifier.phish_table") > + .split(",") > + .filter(function(value) { return value.indexOf("test") == -1; }) I think I'd put "test-" instead of "test" for extra safety. Also the functional logic is duplicated for both prefs, so I'd put it into a function. @@ +24,2 @@ > const downloadBlockList = > Services.prefs.getCharPref("urlclassifier.downloadBlockTable"); Let's learn from our mistakes shall we...
Attachment #8408368 -
Flags: review?(gpascutto) → review+
Comment 10•10 years ago
|
||
Well, I am not really happy about uplifting this patch but looks like we don't have any other choice :) Can you ping/call gcp to have the review ASAP? The GTB for beta9 is in a few hours and we have to get this patch in this beta. After, it is going to be way too risky.
Comment 11•10 years ago
|
||
OK, mid-air collision. Thanks gcp!
Updated•10 years ago
|
Attachment #8408368 -
Flags: approval-mozilla-beta?
Attachment #8408368 -
Flags: approval-mozilla-beta+
Attachment #8408368 -
Flags: approval-mozilla-aurora?
Attachment #8408368 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 12•10 years ago
|
||
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/779b111e77f6
Assignee | ||
Comment 13•10 years ago
|
||
beta: https://hg.mozilla.org/releases/mozilla-beta/rev/034a63535df0 aurora: https://hg.mozilla.org/releases/mozilla-aurora/rev/0f85c1a7a5ca
Assignee | ||
Comment 14•10 years ago
|
||
Sorry, this change hasn't gone to m-c yet.
status-firefox31:
fixed → ---
Reporter | ||
Comment 15•10 years ago
|
||
Try build looks OK to me on win32.
Comment 16•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/779b111e77f6
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox31:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Comment 17•10 years ago
|
||
Verified using Firefox 29 Beta 9 (Build ID: 20140417185217), by starting Firefox with a clean profile and verifying that goog-phish-shavar, goog-malware-shavar, goog-badbinurl-shavar, and (on windows only) goog-downloadwhite-digest256 display in the safebrowsing directory of the profile. On Mac the profile directory is ~/Library/Caches/Firefox/Profiles/<profile_name>/safebrowsing. On Linux, it's ~/.cache/mozilla/firefox/<profile_name>/safebrowsing. Verified on Win 7 x64, Win 8 x64, Mac OS X 10.8.5 and Ubuntu 10 32bit. I could not verify Aurora 30 and Nightly 31, as it seems we don't yet have a build containing the fix.
Comment 18•10 years ago
|
||
Managed to verify on today's Aurora 30 and Nightly 31, with the same results as above (correct tables are downloaded on each OS within minutes).
Status: RESOLVED → VERIFIED
Keywords: verifyme
Reporter | ||
Updated•10 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•