Note: The Safe Browsing feature in Firefox has been renamed to Phishing Protection, but it's still now as Safe Browsing internally.
Google Safe Browsing was an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired.
We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is enabled or even shipped is still a matter for discussion, as is the final form the extension might take, its UI, the way users opt-in, and the like.
You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292
- browser.safebrowsing.enabled: enable phishing protection
- browser.safebrowsing.id: what SAFEBROWSING_ID in gethashURL and updateURL maps to
- browser.safebrowsing.malware.enabled: enable malware protection
- browser.safebrowsing.reportMalwareMistakeURL: destination for the "This isn't an attack site" button (after ignoring the interstitial warning)
- browser.safebrowsing.reportPhishMistakeURL: destination for the "This isn't a web forgery" button (after ignoring the interstitial warning)
- browser.safebrowsing.reportPhishURL: destination for the "Help | Report Web Forgery" menu item
- urlclassifier.disallow_completions: list of tables for which we never call gethash
- urlclassifier.gethashnoise: the number of fake entries to add to any gethash calls
- urlclassifier.malwareTable: list of tables to use when looking for malware (they need to be named *-malware-* or *-unwanted-*)
- urlclassifier.phishTable: list of tables to use when looking for phishing (they need to be named *-phish-*)
Firefox 42 and earlier:
- browser.safebrowsing.gethashURL: server endpoint for completions of malware and phishing lists
- browser.safebrowsing.malware.reportURL: probably unused
- browser.safebrowsing.updateURL: server endpoint for malware and phishing list updates
Firefox 43 and later:
- browser.safebrowsing.provider.google.gethashURL: server endpoint for completions of malware and phishing lists
- browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service
- browser.safebrowsing.provider.google.reportURL: probably unused
- browser.safebrowsing.provider.google.updateURL: server endpoint for malware and phishing list updates
Product/Component: Toolkit/Safe Browsing
- Tracking bug
- The Firefox implementation is split into a few parts:
- toolkit/components/url-classifier/ (includes the list manager)
- Local store is in:
- ~/.cache/mozilla/firefox/XXXX/safebrowsing/ on Linux
- ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/ on Mac
- itisatrap.org test pages
- Telemetry dashboard
Both nsBaseChannel::Open() and nsBaseChannel::AsyncOpen() ask for the channel to be "classified" by nsChannelClassifier. There is also a local-only classification that is requested by tracking protection.
- Malware, phishing and unwanted software test pages
- Phishtank (real phishing sites)
- Google test pages
- Script to dump the contents of the local store
To turn on debugging output, export the following environment variable:
and also see the browser.safebrowsing.debug pref to see debugging output from the JS pieces of Safe Browsing.