Security/Features/Application Reputation

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.


Application Reputation
Stage Development
Status In progress
Release target `
Health OK
Status note Monica is working out the last follow-ups to enable verifying signed binaries on Windows to enable remote lookups. Local lookups are landed and shipping in FF 28.


Product manager Sid Stamm
Directly Responsible Individual Monica Chew
Lead engineer Monica Chew
Security lead `
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members Doug Turner

Open issues/risks

Full Query
ID Summary Status
837195 "Save Link As" should go through BackgroundFileSaver NEW
1162842 Application Reputation checks on Windows should include the code signing certificate NEW
1167040 Limit application reputation remote lookups to zip files that contain executable files NEW
1190020 Truncated hashes in application reputation remote lookups NEW
1239836 Application Reputation should honor browser.safebrowsing.allowOverride NEW
1260856 Application Reputation should send hashes of all binaries contained in zip files NEW
1308657 Download protection should report IP addresses in addition to hostnames NEW
1356426 We should check downloads against the goog-badbinurl-shavar list prior to downloading them NEW
1356427 Only check binary files against the Application Reputation whitelist NEW
1397546 Allow Application Reputation lookups when the blacklist/whitelist is missing NEW
1435923 Redirect chain is not included in remote application reputation lookups NEW

11 Total; 11 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Stage 1: Definition

1. Feature overview

bug 662819

We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes.

See Security/Features/Application_Reputation_Design_Doc for implementation details.

2. Users & use cases

Downloading popular, legitimate applications: warnings should become less severe and less redundant.

Downloading known malware or unknown applications: warnings should become more severe and clearer about the origin of the download. Perhaps more similar to the UI for installing Firefox addons (since the result is equivalent).

3. Dependencies

Google maintains an extension to Safe Browsing that tracks binary file reputation. We can harness their API to provide application reputation whitelisting for Firefox users.

4. Requirements

  • Preserve privacy as much as possible. This should only apply to downloaded applications, not documents. The URL should not be sent to Mozilla if the download is declined. Users should have the option to use this feature without contributing data to it.


  • Virus scanning.
  • Offering to sandbox untrusted native applications.
  • Preventing downgrade attacks.
  • Forcing application download sites to use https.
  • Foist AMO-style user reviews upon application download sites.

Stage 2: Design

5. Functional specification


6. User experience design

  • Checkbox to enable/disable in Security pref panel next to the phishing/malware stuff?
  • We should add a note to the download history that says, for binary downloads, what action was taken (e.g., "file whitelisted by google", or "requested analysis from Mozilla, might be malware".

Stage 3: Planning

7. Implementation plan

Lets do this in stages:

  1. Implement prefed-off support for downloading and updating Google's reputation whitelists
  2. Implement easier UI (or none) for downloads matching the whitelist
  3. Run tests to see how often unknown URLs are transmitted to the API
  4. Based on tests, perhaps enable the feature by default
  5. Eventually provide pluggable support for other reputation systems (like the search plugins)

8. Reviews

Security review


Privacy review


Localization review




Quality Assurance review


Operations review


Stage 4: Development

9. Implementation


Stage 5: Release

10. Landing criteria


Feature details

Priority P1
Rank 999
Theme / Goal Product Hardening
Roadmap Security
Secondary roadmap Platform
Feature list `
Project `
Engineering team Platform

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `