Ubuntu

Firefox doesn't warn about Attack Sites!?

Reported by savalas on 2009-07-26
32
This bug affects 4 people
Affects Status Importance Assigned to Milestone
firefox-3.5 (Ubuntu)
Critical
Alexander Sack
Jaunty
High
Alexander Sack
xulrunner-1.9.1 (Ubuntu)
Critical
Unassigned
Jaunty
Critical
Alexander Sack

Bug Description

Hello,

I run Ubuntu 9.04 on my PC. Some days ago I installed Firefox 3.5.0 and upgraded it to 3.5.1 via the repository. Problem here is, that Shiretoko / Firefox 3.5.1 doesn't warn about Attcking Sites as it should (example site: http://www.mozilla.com/firefox/its-an-attack.html )!?

With Firefox 3.0.12 or Opera there is no problem.

What did I wrong, does any one no a solution for this?

Many thanx and regards,

savalas

Tom (tom6) on 2009-07-26
Changed in firefox-3.5 (Ubuntu):
status: New → Confirmed
jeanwattie (jwattie) wrote :

Same bug I believe:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.5/+bug/397907

Sorry that I was a bit hasty and commented there before full search.

9.04, 3.5.1 , Universe repo checked. Clean test profile, no extensions, failure to warn confirmed when using the Fx test page for blocking phishing pages.
http://www.mozilla.com/firefox/its-an-attack.html

Tom (tom6) wrote :

It is good to hunt around and find duplicate bug-reports. If you find duplicates then look up just under the bug-report's title and click on "Mark as duplicate" and then just type in the number of the one that has the most activity ;)

It looks like you are doing a great job here so i thought i'd try and show you the tools to make it easier for you :)
Thanks again and regards from
Tom :)

jeanwattie (jwattie) wrote :

Thank you for supervising so clearly.
These pages are a tad cluttered for a first-time visitor and relatively new Ubuntu user, so please feel free to point *everything* out whenever you encounter my mess :-)

Alexander Sack (asac) on 2009-08-10
Changed in firefox-3.5 (Ubuntu):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → Critical
milestone: none → karmic-alpha-5
status: Confirmed → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox-3.5 - 3.5.2+nobinonly-0ubuntu2

---------------
firefox-3.5 (3.5.2+nobinonly-0ubuntu2) karmic; urgency=low

  Firefox 3.5 by default upload
  + see: https://blueprints.launchpad.net/ubuntu/+spec/desktop-karmic-firefox-3.5

  [ Fabien Tassin <email address hidden> ]
  * Make firefox-3.5 the default firefox. Use the official branding only
    for releases (the -daily PPA remains branded as Shiretoko, like the
    upstream nightlies). Activate the profile migrator and the apport hooks.
    Add the meta packages to make the transition smoother.
    - update debian/control
    - drop debian/patches/firefox-fsh
    - drop debian/patches/firefox-profilename
    - update debian/patches/series
    - update debian/firefox-3.5.install
    - update debian/firefox.sh.in
    - update debian/migrator/main.c
    - update debian/mozclient/firefox-3.5.mk
    - update debian/rules
    - update debian/firefox-3.5-final.desktop
    - update debian/firefox-3.5-shiretoko.desktop
    - update debian/abrowser-3.5.desktop
    - update debian/apport/firefox-3.5.py

  [ Alexander Sack <email address hidden> ]
  * make -final and -shiretoko .desktop file refer to unversioned "firefox"
    Binary and Icon
    - update debian/firefox-3.5-shiretoko.desktop
    - update debian/firefox-3.5-final.desktop
    - update debian/firefox-3.5-minefield.desktop
    - update debian/abrowser-3.5.desktop
  * add translations for .desktop file from firefox-3.0.head branch
    - update debian/firefox-3.5-final.desktop
    - update debian/abrowser-3.5.desktop
  * set BUILD_OFFICIAL = 1 to enable all official build features
    - update debian/rules
  * fix LP: #404827 - Firefox doesn't warn about Attack Sites!?; add
    --enable-safe-browsing to configure flags
    - update debian/rules
  * fix LP: #383484 - search engine plugins missing in firefox-3.5 packages;
    installing searchplugins and default theme as now firefox-3.5
    Replaces: firefox-3.0
    - update debian/firefox-3.5.install
  * fix restart issues by installing proper versioned binary (without a
    firefox-fsh patch); in turn drop unversioned firefox link from .install
   - update debian/rules
   - update debian/firefox-3.0.install

 -- Alexander Sack <email address hidden> Mon, 10 Aug 2009 17:05:37 +0200

Changed in firefox-3.5 (Ubuntu):
status: Triaged → Fix Released
Noel J. Bergman (noeljb) wrote :

This is also present in Jaunty as 3.5.2+nobinonly-0ubuntu0.9.04.1

Alexander Sack (asac) wrote :

probably justifies a -security update for xulrunner-1.9.1

affects: firefox-3.5 (Ubuntu Jaunty) → xulrunner-1.9.1 (Ubuntu Jaunty)
Changed in xulrunner-1.9.1 (Ubuntu Jaunty):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → High
status: New → Triaged
affects: xulrunner-1.9.1 (Ubuntu) → firefox-3.5 (Ubuntu)
Alexander Sack (asac) wrote :

xulrunner-1.9.1 (1.9.1.2+nobinonly-0ubuntu3) karmic; urgency=low

  * set BUILD_OFFICIAL = 1 to enable all official build features
    - update debian/rules
  * fix LP: #404827 - Firefox doesn't warn about Attack Sites!?; add
    --enable-safe-browsing to configure flags
    - update debian/rules

 -- Alexander Sack < <email address hidden>> Mon, 10 Aug 2009 15:23:40 +0200

Changed in xulrunner-1.9.1 (Ubuntu):
importance: Undecided → Critical
status: New → Fix Released
Changed in xulrunner-1.9.1 (Ubuntu Jaunty):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → Critical
milestone: none → jaunty-updates
status: New → Triaged
tlu (thomas-ludwig-gmx) wrote :

Thanks - the fix works for 3.5 and 3.6. Great!

dje (duncaneastoe) wrote :

Any updates on when/if this will make Jaunty? I've managed to get the Karmic packages running on Jaunty and the problem is fixed

Tim Besard (maleadt) wrote :

I'd be interested in seeing this fix in jaunty too, as 3.5 now ships without any search engines.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In Jaunty you need firefox-3.0 installed alongside firefox-3.5 for
full functionality. This has been fixed in Karmic.

Tim Besard wrote:
> I'd be interested in seeing this fix in jaunty too, as 3.5 now ships
> without any search engines.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqpGTYACgkQTniv4aqX/VmwMACcCGGpU5lpbT5mR3lrmiTP7L0R
haIAn03hPedGxDe6eZ/NjbJC2Lq24ke+
=Vr3l
-----END PGP SIGNATURE-----

tlu (thomas-ludwig-gmx) wrote :

@Micah Gersten: I've only installed FF 3.5.4 in Jaunty and the fix works. But perhaps it's because I added https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa

Micah Gersten (micahg) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, that build has the search engine plugins. The ones in universe
do not.

tlu wrote:
> @Micah Gersten: I've only installed FF 3.5.4 in Jaunty and the fix
> works. But perhaps it's because I added
> https://launchpad.net/~ubuntu- mozilla-daily/+archive/ppa
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqpO5QACgkQTniv4aqX/VmNXwCfb2Y7N3Io3IK0Ng7Nlv51oEBH
oWwAoIOqvcfF3UnWIa4QvUrHeWltOLkE
=uQDw
-----END PGP SIGNATURE-----

Alexander Sack (asac) wrote :

On Wed, Sep 09, 2009 at 05:14:55PM -0000, dje wrote:
> Any updates on when/if this will make Jaunty? I've managed to get the
> Karmic packages running on Jaunty and the problem is fixed
>

The fixes should be in the security update staging PPA by
now. https://edge.launchpad.net/~ubuntu-mozilla-security/+archive/ppa

However, those package will have to take a weekend de-tour through
jaunty-proposed before they get in the -security and -updates
repository.

Would be precious if you could verify if upgrading to that ppa fixes
this bug for you.

 - Alexander

dje (duncaneastoe) wrote :
Download full text (4.4 KiB)

Sure, I've reinstalled using that PPA and it appears to work, at least on
the test page www.mozilla.com/firefox/its-an-attack.html. Version info
below:

Package: firefox-3.5
Source: firefox-3.5
Priority: optional
Section: web
Installed-Size: 3600
Maintainer: Ubuntu Mozilla Team <email address hidden>
Architecture: amd64
Version: 3.5.3+build1+nobinonly-0ubuntu0.9.04.2
Recommends: ubufox
Replaces: firefox-3.1
Suggests: firefox-3.5-gnome-support (=
3.5.3+build1+nobinonly-0ubuntu0.9.04.2), latex-xft-fonts, libthai0
Provides: firefox-3.1, www-browser
Depends: fontconfig, psmisc, debianutils (>= 1.16), xulrunner-1.9.1 (>=
1.9.1), libasound2 (>> 1.0.18), libatk1.0-0 (>= 1.20.0), libc6 (>= 2.4),
libcairo2 (>= 1.2.4), libfontconfig1 (>= 2.4.0), libfreetype6 (>= 2.2.1),
libgcc1 (>= 1:4.1.1), libglib2.0-0 (>= 2.16.0), libgtk2.0-0 (>= 2.16.0),
libnspr4-0d (>= 4.7.3-0ubuntu1~), libpango1.0-0 (>= 1.14.0), libstdc++6 (>=
4.1.1), firefox-3.5-branding | abrowser-3.5-branding
Conflicts: firefox-3.1 (<< 3.1~b4~hg20090317)
Filename:
pool/main/f/firefox-3.5/firefox-3.5_3.5.3+build1+nobinonly-0ubuntu0.9.04.2_amd64.deb
Size: 948266
MD5sum: 9a5f16d9fa98fdba40a22aea650ec6ee
SHA1: 506d8f48a59599f41a0080c414c80b5095131a10
Description: safe and easy web browser from Mozilla
 Firefox delivers safe, easy web browsing. A familiar user interface,
 enhanced security features including protection from online identity theft,
 and integrated search let you get the most out of the web.

Package: xulrunner-1.9.1
Source: xulrunner-1.9.1
Priority: optional
Section: devel
Installed-Size: 27496
Maintainer: Ubuntu Mozilla Team <email address hidden>
Architecture: amd64
Version: 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2
Recommends: libcanberra0
Depends: libasound2 (>> 1.0.18), libatk1.0-0 (>= 1.20.0), libc6 (>= 2.4),
libcairo2 (>= 1.6.0), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78),
libfontconfig1 (>= 2.4.0), libfreetype6 (>= 2.2.1), libgcc1 (>= 1:4.1.1),
libglib2.0-0 (>= 2.16.0), libgtk2.0-0 (>= 2.16.0), libhunspell-1.2-0 (>=
1.2.4), libidl0, libnspr4-0d (>= 4.7.3-0ubuntu1~), libnss3-1d (>= 3.12.3),
libpango1.0-0 (>= 1.14.0), libpython2.6 (>= 2.6), libsqlite3-0 (>= 3.6.10),
libstartup-notification0 (>= 0.8-1), libstdc++6 (>= 4.1.1), libx11-6,
libxrender1, libxt6, zlib1g (>= 1:1.1.4)
Conflicts: j2re1.4, libmozjs-dev, libxul-dev
Filename:
pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2_amd64.deb
Size: 9240614
MD5sum: 2ce3ecbbc3f8c73f5a0bf46e5b7bd578
SHA1: da954cc65bcc7bd8a52791dce60467a98611a0f5
Description: XUL + XPCOM application runner
 XULRunner is a single "gecko runtime" that can be used to bootstrap
 multiple XUL + XPCOM applications that are as rich as Firefox and
 Thunderbird.
 .
 XUL is Mozilla's XML based User Interface language that lets you build
 feature-rich cross platform applications. These applications are easily
 customized with alternative text, graphics and layout so that they can be
 readily branded or localized for various markets. Web developers already
 familiar with Dynamic HTML (DHTML) will learn XUL quickly and can start
 building applications right away.
 .
 XPCOM is a cross platform co...

Read more...

Alexander Sack (asac) wrote :

please binary pocket copy the firefox-3.5 and xulrunner-1.9.1 bits for jaunty from the security ppa (https://edge.launchpad.net/~ubuntu-mozilla-security/+archive/ppa) to jaunty-proposed. once verified this should be pocket copied to -security and -updates.

 firefox-3.5 - 3.5.3+build1+nobinonly-0ubuntu0.9.04.2
 xulrunner-1.9.1 - 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2

Changed in firefox-3.5 (Ubuntu Jaunty):
status: Triaged → In Progress
Alexander Sack (asac) wrote :

please binary pocket copy the firefox-3.5 and xulrunner-1.9.1 bits for jaunty from the security ppa (https://edge.launchpad.net/~ubuntu-mozilla-security/+archive/ppa) to jaunty-proposed. once verified this should be pocket copied to -security and -updates.

 firefox-3.5 - 3.5.3+build1+nobinonly-0ubuntu0.9.04.2
 xulrunner-1.9.1 - 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2

Changed in xulrunner-1.9.1 (Ubuntu Jaunty):
status: Triaged → In Progress
Martin Pitt (pitti) wrote :

Accepted xulrunner-1.9.1 into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in xulrunner-1.9.1 (Ubuntu Jaunty):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in firefox-3.5 (Ubuntu Jaunty):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Accepted firefox-3.5 into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

On Fri, Sep 11, 2009 at 12:27:25PM -0000, Martin Pitt wrote:
> Accepted firefox-3.5 into jaunty-proposed, the package will build now
> and be available in a few hours. Please test and give feedback here. See
> https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
> enable and use -proposed. Thank you in advance!
>

Hi all ... I know you already verified this build in the security PPA
... but could you also recheck that its still fixed in jaunty-proposed
packages for xulrunner-1.9.1 and firefox-3.5? Thanks!

 - Alexander

dje (duncaneastoe) wrote :

Yes it appears to still be fixed! Reinstalled with packages from
jaunty-proposed

dje

2009/9/14 Alexander Sack <email address hidden>

> On Fri, Sep 11, 2009 at 12:27:25PM -0000, Martin Pitt wrote:
> > Accepted firefox-3.5 into jaunty-proposed, the package will build now
> > and be available in a few hours. Please test and give feedback here. See
> > https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
> > enable and use -proposed. Thank you in advance!
> >
>
> Hi all ... I know you already verified this build in the security PPA
> ... but could you also recheck that its still fixed in jaunty-proposed
> packages for xulrunner-1.9.1 and firefox-3.5? Thanks!
>
> - Alexander
>
> --
> Firefox doesn't warn about Attack Sites!?
> https://bugs.launchpad.net/bugs/404827
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Micah Gersten (micahg) wrote :

Seems fine with jaunty-proposed

Martin Pitt (pitti) on 2009-09-15
tags: added: verification-done
removed: verification-needed

On Tue, Sep 15, 2009 at 09:15:47AM -0000, Martin Pitt wrote:
> ** Tags added: verification-done
> ** Tags removed: verification-needed
>
Plesae remember to also help verifying Bug 398205 ... which currently
holds back the rollout of this update. Would be great if we could get
this done today.

Thankw!

 - Alexander

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xulrunner-1.9.1 - 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2

---------------
xulrunner-1.9.1 (1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2) jaunty-security; urgency=low

  * security/stability update v1.9.1.3 (FIREFOX_3_5_3_BUILD1)
    - see USN-821-1
  * fix LP: #398205 - Geolocation via WLAN doesn't seem to work; enable
    wireless scanning for geolocation by adding libiw-dev to build depends
    - update debian/control
  * fix LP: #404827 - safe-browsing now working in shiretoko; add
    --enable-safe-browsing configure flag to enable this again
    - update debian/rules

 -- Alexander Sack <email address hidden> Thu, 10 Sep 2009 17:45:17 +0200

Changed in xulrunner-1.9.1 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox-3.5 - 3.5.3+build1+nobinonly-0ubuntu0.9.04.2

---------------
firefox-3.5 (3.5.3+build1+nobinonly-0ubuntu0.9.04.2) jaunty-security; urgency=low

  * security/stability update v3.5.3 build1 (FIREFOX_3_5_3_BUILD1)
    - see USN-821-1
    - fix LP: #333127 - Firefox 3.5 and above crash on full screen flash video
    - fix LP: #236853 - firefox crashed with SIGSEGV in NSSRWLock_LockRead_Util()
  * fix LP: #404827 - safe-browsing now working in shiretoko; add
    --enable-safe-browsing configure flag to enable this again
    - update debian/rules

 -- Alexander Sack <email address hidden> Thu, 10 Sep 2009 19:19:15 +0200

Changed in firefox-3.5 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Related questions