Security/Safe Browsing: Difference between revisions
(link to dashboard) |
(→Contacts: remove out of date contacts) |
||
| Line 50: | Line 50: | ||
Are filed as bugs under [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&product=Firefox&component=Phishing+Protection&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&emailassigned_to1=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0= Firefox / Phishing Protection] | Are filed as bugs under [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&product=Firefox&component=Phishing+Protection&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&emailassigned_to1=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0= Firefox / Phishing Protection] | ||
Revision as of 03:40, 23 March 2015
Name Change
Note: Safe Browsing has been renamed to Phishing Protection.
Overview
Google Safe Browsing was an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired.
We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is enabled or even shipped is still a matter for discussion, as is the final form the extension might take, its UI, the way users opt-in, and the like.
You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292
How to Enable
safebrowsing is enabled by default on the MOZILLA_1_8_BRANCH and trunk. You can enable/disable it in the Options dialog in the Security tab.
If you wish to see debugging output, open toolkit/components/url-classifier/src/nsUrlClassifierLib.js and set G_GDEBUG to true.
Design Doc
Phishing Protection: Design Documentation
Server Spec
Phishing Protection: Server Spec
Client Spec
Phishing Protection: Client Spec
Source Code
For integration with firefox, the code from the extension is broken into two parts: http://lxr.mozilla.org/seamonkey/source/browser/components/safebrowsing/ http://lxr.mozilla.org/seamonkey/source/toolkit/components/url-classifier/
The browser component contains the Phishing Warden, Controller, Browser View and Displayer described on the Phishing_Protection:_Design_Documentation#Major_Abstractions page. The toolkit component contains the ListManager and TRTables.
Telemetry
Dashboard: https://people.mozilla.org/~fmarier/safebrowsing-dashboard/
Important Bugs
- Malware/spyware detection: https://bugzilla.mozilla.org/show_bug.cgi?id=347849
- Play nicely with other people who change the status bar: https://bugzilla.mozilla.org/show_bug.cgi?id=329722
- Fixed position XUL is apparently not officially supported... is there an alternative? https://bugzilla.mozilla.org/show_bug.cgi?id=329725
Other Bugs or Potential Improvements
Are filed as bugs under Firefox / Phishing Protection