Bug 368924: turn on safe-browsing
Status: RESOLVED DUPLICATE of bug 778611 (Closed)
Opened 18 years ago, closed 11 years ago
Categories: Thunderbird :: Preferences, defect
Tracking: blocking-thunderbird3.1 -, thunderbird3.1 wontfix
People: Reporter: Dolske, Unassigned
References: Blocks 1 open bug
Details: Whiteboard: [no l10n impact]
Attachments (3 files):
(deleted), patch
(deleted), patch
(deleted), image/png
I started with a new profile, and added an IMAP server account. I then went through the settings to customize things, and noticed that the "Use a downloaded list of email scams" option was *not* checked by default. I believe Firefox enables the downloaded anti-phishing list by default, so it seems like TB's pref should also default to enabled.
Comment 1•18 years ago
Actually... the feature won't be enabled at all - see bug 368635. (And the UI is no longer displayed.)
Comment 2•17 years ago
The bug said we wouldn't get it in Thunderbird 2. Can agreements be worked out for Thunderbird 3?
Flags: blocking-thunderbird3?
Comment 3•16 years ago
I sure hope so. I wonder who knows what the story is...
Assignee: mscott → nobody
Flags: blocking-thunderbird3? → blocking-thunderbird3+
Updated•16 years ago
Assignee: nobody → david.ascher
Comment 4•16 years ago
Not sure if we can get this in b2, but...
Target Milestone: --- → Thunderbird 3.0b2
Comment 5•16 years ago
my understanding is that this requires legal approval from the anti-phishing provider. If that process hasn't started, then I don't see that we can get this for b2, so moving to b3
Target Milestone: Thunderbird 3.0b1 → Thunderbird 3.0b2
Updated•16 years ago
OS: Mac OS X → All
Hardware: PC → All
Comment 6•16 years ago
this still seems to be on the b2 list, actually moving to b3
Target Milestone: Thunderbird 3.0b2 → Thunderbird 3.0b3
Comment 8•16 years ago
adjusting status to make sure that I keep on top of it.
Status: NEW → ASSIGNED
Updated•16 years ago
Version: 2.0 → Trunk
Comment 10•16 years ago
We wouldn't block on this, I don't think.
Flags: wanted-thunderbird3+
Flags: blocking-thunderbird3-
Flags: blocking-thunderbird3+
Comment 11•15 years ago
I chatted with the Google folks on this.
We can go ahead and a) use googpub-phish-shavar as the string and b) enable this pref by default.
The string in Firefox is goog-phish-shavar and they're still checking to see if we can use it also.
over to bienvenu.
Assignee: rebron → bienvenu
Comment 12•15 years ago
Here's the code that I think needs to change:
http://mxr.mozilla.org/comm-central/source/mail/base/content/phishingDetector.js#76
Comment 13•15 years ago
this should be trivial to try...
Target Milestone: Thunderbird 3.0b3 → Thunderbird 3.0b4
Comment 14•15 years ago
Rafael, you were going to get me a bad url so I could tell if the code was working...
Comment 15•15 years ago
in theory this should fix it, though without knowing what a bad url might be, it's hard to test...
Comment 16•15 years ago
Rafael, can we get access to a malware list as well?
Comment 17•15 years ago
I'll get the list from MozQA.
Comment 18•15 years ago
David,
Here's what I got from QA:
http://www.phishtank.com/ (live examples)
https://litmus.mozilla.org/show_test.cgi?id=6988
Comment 19•15 years ago
We may need to turn this pref on as well...I haven't been able to verify that this is working yet, though.
Updated•15 years ago
Target Milestone: Thunderbird 3.0b4 → Thunderbird 3.0rc1
Comment 20•15 years ago
FYI, I applied the patch, and loaded a message with a link to http://www.mozilla.com/firefox/its-a-trap.html in it. Nothing happened.
Comment 21•15 years ago
1) I sent myself an email containing the url http://www.irs.gov.nuko7ur.eu/fraud_application/directory/statement.php?email=x&tid=rpowell-00000174073547US (which I got from phishtank.com), looked at it in the Sent folder, and got no warning. (going to that URL in firefox does trigger the red screen of scare)
2) Looking at the 'safebrowsing' prefs in both firefox and thunderbird, there seem to be a lot of differences.
Feels like more work is needed.
Comment 22•15 years ago
Have you run with the second patch? I haven't checked anything in yet, and I haven't been able to verify that this works.
Comment 23•15 years ago
(In reply to comment #22)
> Have you run with the second patch? I haven't checked anything in yet, and I
> haven't been able to verify that this works.
ah, sorry, I read my bug mail from newest to oldest and didn't see your comment. If we want this to potentially block, we should mark it blocking, otherwise it tends to fall off my radar :-(
Comment 24•15 years ago
Adding to blocker list, but changing title to indicate that what we should do is to figure out if it's easy, not that we'll block until this is fixed. It seems like a good security win if we can leverage the existing infrastructure, but if it's too hard, we can target it to the next release.
Flags: blocking-thunderbird3- → blocking-thunderbird3+
Summary: Scam list not enabled by default → investigate whether safebrowsing can be enabled cheaply
Comment 25•15 years ago
Don't we have to fork the UI and the strings that are currently in mozilla/browser for this? This will be hard given that we're three days away from the string freeze.
Comment 26•15 years ago
Are the patches in this bug really all that is needed here? If yes, then we don't need to worry about the upcoming string freeze for TB3 tomorrow, but if not, then we need to get traction on this bug ASAP.
Comment 27•15 years ago
The code in TB 2.0 basically made a copy of the FF 2 phishing stuff, and left the db stuff turned off. The current FF anti-phishing stuff is somewhat different, and to get this to work, I think I'd need to re-copy the current FF code. I made a quick stab at it, and it didn't work. So this is looking a bit iffy.
Re the string freeze, the current design is to show the same warning for messages with black-listed urls as we do for manually detected bad urls, i.e., no string changes needed.
Updated•15 years ago
Whiteboard: [no l10n impact]
Comment 28•15 years ago
taking off blocking - I'd love to do this, but I'm not going to block on it.
Flags: blocking-thunderbird3+ → blocking-thunderbird3.1+
Summary: investigate whether safebrowsing can be enabled cheaply → turn on safe-browsing
Comment 29•15 years ago
We really really want this. That said, if it were the last bug standing, I don't believe we'd hold 3.1 for much time to get it, so I'm marking blocking- and wanted+. clarkbw, I suspect this does want to live on our soon-to-be-created medium-term-feature-focus page. Do you agree? If so, can you add it to your list? Also, I'm still not totally sure how the feature-focus wiki pages and our wanted flags should interact. Thoughts there appreciated.
Comment 30•14 years ago
Too late for 3.1
Comment 31•13 years ago
What needs to be done to go forward with this?
Comment 32•13 years ago
Someone needs to figure out how to adapt the new FF anti-phishing code to Thunderbird.
Assignee: dbienvenu → nobody
Comment 33•13 years ago
The patch uses googpub-phish-shavar (Camino too), but Firefox and Fennec are using goog-phish-shavar:
http://mxr.mozilla.org/mozilla-central/source/browser/components/safebrowsing/content/application.js#112
What are the differences?
Comment 34•13 years ago
Prolly only Google knows that, but comment 11 and various other bugs related to this (i.e. for Iceweasel) seem to suggest that Google uses googpub for data-users that aren't as extensively checked for correct behavior as current Firefox is.
Comment 35•12 years ago
Is this important in any strategic sense?
Status: ASSIGNED → NEW
Target Milestone: Thunderbird 3.0rc1 → ---
Comment 36•12 years ago
(In reply to Wayne Mery (:wsmwk) from comment #35)
> Is this important in any strategic sense?
I don't see any strategic reason why this should be given particular consideration. Yes it would be nice to have.
Comment 37•11 years ago
Obsoleted by bug 778611.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE