+++ This bug was initially created as a clone of Bug #1013558 +++ Currently we only return shouldBlock=true if the remote verdict is DANGEROUS, but the API has evolved since then. UNKNOWN needs a slightly different one, e.g. "download.exe is not commonly downloaded and could be dangerous". In the UNKNOWN case, Chrome does not delete the downloaded file but does display a warning.

By "UNKNOWN", we probably mean "UNCOMMON" as per the histogram on: http://telemetry.mozilla.org/#filter=nightly%2F39%2FAPPLICATION_REPUTATION_SERVER_VERDICT%2Fsaved_session%2FFirefox&aggregates=multiselect-all!Submissions&evoOver=Builds&locked=true&sanitize=true&renderhistogram=Graph

These verdicts are in http://hg.mozilla.org/mozilla-central/file/6810b2fa1afe/toolkit/components/downloads/csd.pb.h.

Screenshot from http://googleonlinesecurity.blogspot.co.nz/2014/08/thats-not-download-youre-looking-for.html

Btw, strings for this case were decided in https://bugzilla.mozilla.org/show_bug.cgi?id=1053890, though I can't find right now where they actually landed.

It seems that the strings for POTENTIALLY_UNWANTED and DANGEROUS/DANGEROUS_HOST are the same, so an easy fix would just be to return shouldBlock = true if the verdict is POTENTIALLY_UNWANTED. To support the UNCOMMON case, the API for application reputation has to change to return more than a simple boolean. That could be a followup bug.

Note that supporting these verdicts is still blocked by the full UI in bug 1068656, as the current minimal UI provides no way to distinguish the reason for blocking, and does not provide an obvious way to unblock (the option is in the context menu only).

(In reply to :Paolo Amadini from comment #6) > Note that supporting these verdicts is still blocked by the full UI in bug > 1068656, as the current minimal UI provides no way to distinguish the reason > for blocking, and does not provide an obvious way to unblock (the option is > in the context menu only). That's too bad -- I thought that since the warning text for POTENTIALLY_UNWANTED and DANGEROUS/DANGEROUS_HOST are the same, it would be OK to collapse that one into the current behavior.

(In reply to [:mmc] Monica Chew (please use needinfo) from comment #7) > That's too bad -- I thought that since the warning text for > POTENTIALLY_UNWANTED and DANGEROUS/DANGEROUS_HOST are the same, it would be > OK to collapse that one into the current behavior. Are we talking about the same states? There are three states we will support eventually, and they have different strings, as well as different severity conveyed through the user interface: http://mxr.mozilla.org/mozilla-central/source/browser/locales/en-US/chrome/browser/downloads/downloads.properties#41 See for example attachment 8483575 [details] from bug 1053890.

You are right, I was looking at the wrong strings from https://bug1053890.bugzilla.mozilla.org/attachment.cgi?id=8479351.

This landed in time for Fx48.