Tracking protection uses the same API as Google Safe Browsing #22

amq · 2015-06-28T09:33:35Z

https://github.com/pyllyukko/user.js/blob/master/user.js:

user_pref("browser.safebrowsing.enabled", false);

user_pref("privacy.trackingprotection.enabled", true);

See amq/firefox-debloat#2 (comment)

The text was updated successfully, but these errors were encountered:

pyllyukko · 2015-06-28T10:37:24Z

From what I've understood, the tracking protection should use a blacklist, which shouldn't leak information about the sites you visit. Of course that comment implies something else, but I would like to see some more facts about this.

Do you have some other references regarding this?

I guess we'll just need to dive into the source code and check it from there.

amq · 2015-06-28T14:09:39Z

Here is a list of trackingprotection mentions in Firefox sources:

Search "trackingprotection" (130 hits in 38 files)
  mozilla-release\addon-sdk\source\python-lib\cuddlefish\prefs.py (2 hits)
    Line 63:     'browser.trackingprotection.gethashURL': 'http://localhost/safebrowsing-dummy/gethash',
    Line 64:     'browser.trackingprotection.updateURL': 'http://localhost/safebrowsing-dummy/update',
  mozilla-release\addon-sdk\source\test\preferences\no-connections.json (2 hits)
    Line 20:   "browser.trackingprotection.gethashURL": "http://localhost/safebrowsing-dummy/gethash",
    Line 21:   "browser.trackingprotection.updateURL": "http://localhost/safebrowsing-dummy/update",
  mozilla-release\browser\app\profile\firefox.js (2 hits)
    Line 1316: pref("services.sync.prefs.sync.privacy.trackingprotection.enabled", true);
    Line 1856: pref("privacy.trackingprotection.ui.enabled", false);
  mozilla-release\browser\base\content\browser.js (3 hits)
    Line 1429:                       .getBoolPref("privacy.trackingprotection.enabled");
    Line 6874:     } else if (gPrefService.getBoolPref("privacy.trackingprotection.enabled")) {
    Line 6907:     } else if (gPrefService.getBoolPref("privacy.trackingprotection.enabled")) {
  mozilla-release\browser\base\content\test\general\browser_trackingUI.js (1 hit)
    Line 8: var PREF = "privacy.trackingprotection.enabled";
  mozilla-release\browser\base\content\urlbarBindings.xml (6 hits)
    Line 2308:         if (Services.prefs.getBoolPref("privacy.trackingprotection.enabled")) {
    Line 2336:           // nsChannelClassifier::ShouldEnableTrackingProtection
    Line 2341:           // Add the current host in the 'trackingprotection' consumer of
    Line 2345:             "trackingprotection", Services.perms.ALLOW_ACTION);
    Line 2355:           // Remove the current host from the 'trackingprotection' consumer
    Line 2359:             "trackingprotection");
  mozilla-release\browser\components\nsBrowserGlue.js (4 hits)
    Line 467:             Services.prefs.setBoolPref("privacy.trackingprotection.enabled", enabled);
    Line 468:             Services.prefs.setBoolPref("privacy.trackingprotection.ui.enabled", enabled);
    Line 472:             Services.prefs.clearUserPref("privacy.trackingprotection.enabled");
    Line 473:             Services.prefs.clearUserPref("privacy.trackingprotection.ui.enabled");
  mozilla-release\browser\components\preferences\in-content\privacy.js (6 hits)
    Line 20:    * privacy.trackingprotection.ui.enabled pref, and linkify its Learn More link
    Line 22:   _initTrackingProtection: function () {
    Line 23:     if (!Services.prefs.getBoolPref("privacy.trackingprotection.ui.enabled")) {
    Line 27:     let link = document.getElementById("trackingProtectionLearnMore");
    Line 31:     document.getElementById("trackingprotectionbox").hidden = false;
    Line 72:     this._initTrackingProtection();
  mozilla-release\browser\components\preferences\in-content\privacy.xul (10 hits)
    Line 16:   <preference id="privacy.trackingprotection.enabled"
    Line 17:               name="privacy.trackingprotection.enabled"
    Line 83:   <vbox id="trackingprotectionbox" hidden="true">
    Line 85:       <checkbox id="trackingProtection"
    Line 86:                 preference="privacy.trackingprotection.enabled"
    Line 87:                 accesskey="&trackingProtection.accesskey;"
    Line 88:                 label="&trackingProtection.label;" />
    Line 89:       <image id="trackingProtectionImage"/>
    Line 93:       <label id="trackingProtectionLearnMore"
    Line 95:              value="&trackingProtectionLearnMore.label;"/>
  mozilla-release\browser\components\preferences\privacy.js (6 hits)
    Line 23:    * privacy.trackingprotection.ui.enabled pref, and linkify its Learn More link
    Line 25:   _initTrackingProtection: function () {
    Line 26:     if (!Services.prefs.getBoolPref("privacy.trackingprotection.ui.enabled")) {
    Line 30:     let link = document.getElementById("trackingProtectionLearnMore");
    Line 34:     document.getElementById("trackingprotectionbox").hidden = false;
    Line 69:     this._initTrackingProtection();
  mozilla-release\browser\components\preferences\privacy.xul (10 hits)
    Line 29:       <preference id="privacy.trackingprotection.enabled"
    Line 30:                   name="privacy.trackingprotection.enabled"
    Line 92:       <vbox id="trackingprotectionbox" hidden="true">
    Line 94:           <checkbox id="trackingProtection"
    Line 95:                     preference="privacy.trackingprotection.enabled"
    Line 96:                     accesskey="&trackingProtection.accesskey;"
    Line 97:                     label="&trackingProtection.label;" />
    Line 98:           <image id="trackingProtectionImage"
    Line 103:           <label id="trackingProtectionLearnMore"
    Line 105:                  value="&trackingProtectionLearnMore.label;"/>
  mozilla-release\browser\components\test\browser_polaris_prefs.js (2 hits)
    Line 3: const PREF_TP = "privacy.trackingprotection.enabled";
    Line 4: const PREF_TPUI = "privacy.trackingprotection.ui.enabled";
  mozilla-release\browser\locales\en-US\chrome\browser\preferences\privacy.dtd (3 hits)
    Line 9: <!ENTITY trackingProtection.label       "Prevent sites from tracking me">
    Line 10: <!ENTITY trackingProtection.accesskey   "m">
    Line 11: <!ENTITY trackingProtectionLearnMore.label "Learn more">
  mozilla-release\browser\themes\shared\incontentprefs\preferences.inc.css (2 hits)
    Line 250: #trackingProtectionImage {
    Line 257:   #trackingProtectionImage {
  mozilla-release\mobile\android\base\preferences\GeckoPreferences.java (2 hits)
    Line 127:     private static final String PREFS_TRACKING_PROTECTION = "privacy.trackingprotection.enabled";
    Line 128:     private static final String PREFS_TRACKING_PROTECTION_LEARN_MORE = NON_PREF_PREFIX + "trackingprotection.learn_more";
  mozilla-release\mobile\android\base\resources\xml\preferences_privacy.xml (2 hits)
    Line 11:     <CheckBoxPreference android:key="privacy.trackingprotection.enabled"
    Line 17:             android:key="android.not_a_preference.trackingprotection.learn_more"
  mozilla-release\mobile\android\base\tests\robocop.ini (1 hit)
    Line 128: [testTrackingProtection]
  mozilla-release\mobile\android\base\tests\testTrackingProtection.java (3 hits)
    Line 17: public class testTrackingProtection extends JavascriptTest implements GeckoEventListener {
    Line 20:     public testTrackingProtection() {
    Line 21:         super("testTrackingProtection.js");
  mozilla-release\mobile\android\base\tests\testTrackingProtection.js (1 hit)
    Line 50: var PREF = "privacy.trackingprotection.enabled";
  mozilla-release\mobile\android\chrome\content\browser.js (8 hits)
    Line 399:             Services.prefs.getBoolPref("privacy.trackingprotection.enabled"));
    Line 1643:               // nsChannelClassifier::ShouldEnableTrackingProtection
    Line 1646:               // Add the current host in the 'trackingprotection' consumer of
    Line 1649:               Services.perms.add(normalizedUrl, "trackingprotection", Services.perms.ALLOW_ACTION);
    Line 1652:               // Remove the current host from the 'trackingprotection' consumer
    Line 1655:               Services.perms.remove(browser.currentURI.host, "trackingprotection");
    Line 6761:   // The following tracking content modes are only used if "privacy.trackingprotection.enabled"
    Line 6847:          Services.prefs.getBoolPref("privacy.trackingprotection.enabled")) {
  mozilla-release\modules\libpref\init\all.js (3 hits)
    Line 1028: pref("privacy.trackingprotection.enabled",  false);
    Line 4379: pref("browser.trackingprotection.updateURL", "https://tracking.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 4380: pref("browser.trackingprotection.gethashURL", "https://tracking.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
  mozilla-release\netwerk\base\nsChannelClassifier.cpp (10 hits)
    Line 62: nsChannelClassifier::ShouldEnableTrackingProtection(nsIChannel *aChannel,
    Line 71:     if (!Preferences::GetBool("privacy.trackingprotection.enabled", false)) {
    Line 132:     rv = permMgr->TestPermission(uri, "trackingprotection", &permissions);
    Line 170:     return NotifyTrackingProtectionDisabled(aChannel);
    Line 175: nsChannelClassifier::NotifyTrackingProtectionDisabled(nsIChannel *aChannel)
    Line 183:       parentChannel->NotifyTrackingProtectionDisabled();
    Line 306:     bool trackingProtectionEnabled = false;
    Line 307:     (void)ShouldEnableTrackingProtection(mChannel, &trackingProtectionEnabled);
    Line 307:     (void)ShouldEnableTrackingProtection(mChannel, &trackingProtectionEnabled);
    Line 321:     rv = uriClassifier->Classify(principal, trackingProtectionEnabled, this,
  mozilla-release\netwerk\base\nsChannelClassifier.h (2 hits)
    Line 29:     nsresult ShouldEnableTrackingProtection(nsIChannel *aChannel, bool *result);
    Line 52:     static nsresult NotifyTrackingProtectionDisabled(nsIChannel *aChannel);
  mozilla-release\netwerk\base\nsIParentChannel.idl (1 hit)
    Line 35:   [noscript] void notifyTrackingProtectionDisabled();
  mozilla-release\netwerk\base\nsIURIClassifier.idl (3 hits)
    Line 41:    * @param aTrackingProtectionEnabled
    Line 55:                    in boolean aTrackingProtectionEnabled,
    Line 64:                          in boolean aTrackingProtectionEnabled);
  mozilla-release\netwerk\protocol\ftp\FTPChannelParent.cpp (1 hit)
    Line 444: FTPChannelParent::NotifyTrackingProtectionDisabled()
  mozilla-release\netwerk\protocol\http\HttpChannelChild.cpp (2 hits)
    Line 1151: HttpChannelChild::RecvNotifyTrackingProtectionDisabled()
    Line 1153:   nsChannelClassifier::NotifyTrackingProtectionDisabled(this);
  mozilla-release\netwerk\protocol\http\HttpChannelChild.h (1 hit)
    Line 105:   bool RecvNotifyTrackingProtectionDisabled() override;
  mozilla-release\netwerk\protocol\http\HttpChannelParent.cpp (2 hits)
    Line 880: HttpChannelParent::NotifyTrackingProtectionDisabled()
    Line 883:     unused << SendNotifyTrackingProtectionDisabled();
  mozilla-release\netwerk\protocol\http\nsHttpChannel.cpp (1 hit)
    Line 4896:             channelClassifier->ShouldEnableTrackingProtection(this, &tp);
  mozilla-release\netwerk\protocol\http\PHttpChannel.ipdl (1 hit)
    Line 133:   NotifyTrackingProtectionDisabled();
  mozilla-release\netwerk\protocol\rtsp\RtspChannelParent.cpp (1 hit)
    Line 153: RtspChannelParent::NotifyTrackingProtectionDisabled()
  mozilla-release\testing\profiles\prefs_general.js (2 hits)
    Line 90: user_pref("browser.trackingprotection.gethashURL", "http://%(server)s/safebrowsing-dummy/gethash");
    Line 91: user_pref("browser.trackingprotection.updateURL", "http://%(server)s/safebrowsing-dummy/update");
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierDBService.cpp (7 hits)
    Line 73: #define CHECK_TRACKING_PREF     "privacy.trackingprotection.enabled"
    Line 1175: nsUrlClassifierDBService::BuildTables(bool aTrackingProtectionEnabled,
    Line 1192:   if (aTrackingProtectionEnabled && !tracking.IsEmpty()) {
    Line 1201:                                    bool aTrackingProtectionEnabled,
    Line 1219:   BuildTables(aTrackingProtectionEnabled, tables);
    Line 1234:                                         bool aTrackingProtectionEnabled,
    Line 1240:   BuildTables(aTrackingProtectionEnabled, tables);
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierDBService.h (1 hit)
    Line 102:   void BuildTables(bool trackingProtectionEnabled, nsCString& tables);
  mozilla-release\toolkit\components\url-classifier\SafeBrowsing.jsm (10 hits)
    Line 31: const trackingProtectionLists = getLists("urlclassifier.trackingTable");
    Line 53:     Services.prefs.addObserver("privacy.trackingprotection", this.readPrefs.bind(this), false);
    Line 71:     for (let i = 0; i < trackingProtectionLists.length; ++i) {
    Line 72:       listManager.registerTable(trackingProtectionLists[i],
    Line 111:     this.trackingEnabled = Services.prefs.getBoolPref("privacy.trackingprotection.enabled");
    Line 148:       "browser.trackingprotection.updateURL");
    Line 150:       "browser.trackingprotection.gethashURL");
    Line 188:     for (let i = 0; i < trackingProtectionLists.length; ++i) {
    Line 190:         listManager.enableUpdate(trackingProtectionLists[i]);
    Line 192:         listManager.disableUpdate(trackingProtectionLists[i]);
  mozilla-release\toolkit\components\url-classifier\tests\mochitest\test_allowlisted_annotations.html (4 hits)
    Line 21: SpecialPowers.addPermission("trackingprotection",
    Line 36:   SpecialPowers.removePermission("trackingprotection",
    Line 38:   ok(!SpecialPowers.testPermission("trackingprotection",
    Line 74:             ["privacy.trackingprotection.enabled", true],
  mozilla-release\toolkit\components\url-classifier\tests\mochitest\test_classified_annotations.html (2 hits)
    Line 28:   SpecialPowers.clearUserPref("privacy.trackingprotection.enabled");
    Line 53:       SpecialPowers.setBoolPref("privacy.trackingprotection.enabled", true);

amq · 2015-06-28T14:17:01Z

Looks like I have found a confirmation:

mozilla-release\modules\libpref\init\all.js:

// The table and update/gethash URLs for Safebrowsing phishing and malware
// checks.
pref("urlclassifier.trackingTable", "mozpub-track-digest256");
pref("browser.trackingprotection.updateURL", "https://tracking.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
pref("browser.trackingprotection.gethashURL", "https://tracking.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");

mozilla-release\testing\profiles\prefs_general.js:

// Point the url-classifier to the local testing server for fast failures
user_pref("browser.safebrowsing.gethashURL", "http://%(server)s/safebrowsing-dummy/gethash");
user_pref("browser.safebrowsing.updateURL", "http://%(server)s/safebrowsing-dummy/update");
user_pref("browser.safebrowsing.appRepURL", "http://%(server)s/safebrowsing-dummy/update");
user_pref("browser.trackingprotection.gethashURL", "http://%(server)s/safebrowsing-dummy/gethash");
user_pref("browser.trackingprotection.updateURL", "http://%(server)s/safebrowsing-dummy/update");

pyllyukko · 2015-06-28T15:45:19Z

Thanks for these details.

Now I think the only remaining question is, whether this is bad or not. As I said previously, my impression was that it still shouldn't leak information.

At least the following links state that this is the case:

Safe_browsing#General_considerations: "Mozilla's Safe Browsing implementation downloads a list of reported websites, thus there should be no directly identifiable information sent to the provider of that service which websites were actually visited by you. If more information on a page is requested, the request and the provided results cover a larger set of websites which includes the one the information was requested for, using an incomplete hash of the website's address."
- http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849: "Google cannot determine the real URL from this information."
How does built-in Phishing and Malware Protection work?: "No information about you or the sites you visit is communicated during list updates."

Then again, of course your IP address is one thing that is being leaked, but does getting some extra protection outweigh this or not?

amq · 2015-06-28T17:12:54Z

I just mean that we have to stay consistent and either enable or disable both Safe Browsing and Tracking Protection. Because if Tracking Protection doesn't leak enough information to be considered dangerous, then Safe Browsing is the same.

pyllyukko · 2015-06-28T17:25:42Z

Ah. Gotcha! :)

pyllyukko · 2015-06-28T21:00:44Z

Then again... it is not only a matter of the API that is being used, but also who provides that service. As safe browsing is provided by Google and tracking protection is from Mozilla.

amq · 2015-06-28T23:06:38Z

List of safebrowsing mentions:

Search "safebrowsing" (484 hits in 83 files)
  mozilla-release\addon-sdk\source\python-lib\cuddlefish\prefs.py (15 hits)
    Line 58:     'browser.safebrowsing.enabled' : False,
    Line 59:     'browser.safebrowsing.updateURL': 'http://localhost/safebrowsing-dummy/update',
    Line 59:     'browser.safebrowsing.updateURL': 'http://localhost/safebrowsing-dummy/update',
    Line 60:     'browser.safebrowsing.gethashURL': 'http://localhost/safebrowsing-dummy/gethash',
    Line 60:     'browser.safebrowsing.gethashURL': 'http://localhost/safebrowsing-dummy/gethash',
    Line 61:     'browser.safebrowsing.reportURL': 'http://localhost/safebrowsing-dummy/report',
    Line 61:     'browser.safebrowsing.reportURL': 'http://localhost/safebrowsing-dummy/report',
    Line 62:     'browser.safebrowsing.malware.reportURL': 'http://localhost/safebrowsing-dummy/malwarereport',
    Line 62:     'browser.safebrowsing.malware.reportURL': 'http://localhost/safebrowsing-dummy/malwarereport',
    Line 63:     'browser.trackingprotection.gethashURL': 'http://localhost/safebrowsing-dummy/gethash',
    Line 64:     'browser.trackingprotection.updateURL': 'http://localhost/safebrowsing-dummy/update',
    Line 121:     'browser.safebrowsing.provider.0.gethashURL' : 'http://localhost/safebrowsing-dummy/gethash',
    Line 121:     'browser.safebrowsing.provider.0.gethashURL' : 'http://localhost/safebrowsing-dummy/gethash',
    Line 122:     'browser.safebrowsing.provider.0.updateURL' : 'http://localhost/safebrowsing-dummy/update',
    Line 122:     'browser.safebrowsing.provider.0.updateURL' : 'http://localhost/safebrowsing-dummy/update',
  mozilla-release\addon-sdk\source\test\preferences\firefox.json (4 hits)
    Line 8:   "browser.safebrowsing.provider.0.gethashURL": "http://localhost/safebrowsing-dummy/gethash",
    Line 8:   "browser.safebrowsing.provider.0.gethashURL": "http://localhost/safebrowsing-dummy/gethash",
    Line 9:   "browser.safebrowsing.provider.0.updateURL": "http://localhost/safebrowsing-dummy/update"
    Line 9:   "browser.safebrowsing.provider.0.updateURL": "http://localhost/safebrowsing-dummy/update"
  mozilla-release\addon-sdk\source\test\preferences\no-connections.json (11 hits)
    Line 15:   "browser.safebrowsing.enabled": false,
    Line 16:   "browser.safebrowsing.updateURL": "http://localhost/safebrowsing-dummy/update",
    Line 16:   "browser.safebrowsing.updateURL": "http://localhost/safebrowsing-dummy/update",
    Line 17:   "browser.safebrowsing.gethashURL": "http://localhost/safebrowsing-dummy/gethash",
    Line 17:   "browser.safebrowsing.gethashURL": "http://localhost/safebrowsing-dummy/gethash",
    Line 18:   "browser.safebrowsing.reportURL": "http://localhost/safebrowsing-dummy/report",
    Line 18:   "browser.safebrowsing.reportURL": "http://localhost/safebrowsing-dummy/report",
    Line 19:   "browser.safebrowsing.malware.reportURL": "http://localhost/safebrowsing-dummy/malwarereport",
    Line 19:   "browser.safebrowsing.malware.reportURL": "http://localhost/safebrowsing-dummy/malwarereport",
    Line 20:   "browser.trackingprotection.gethashURL": "http://localhost/safebrowsing-dummy/gethash",
    Line 21:   "browser.trackingprotection.updateURL": "http://localhost/safebrowsing-dummy/update",
  mozilla-release\b2g\app\b2g.js (42 hits)
    Line 343: pref("browser.safebrowsing.enabled", false);
    Line 346: pref("browser.safebrowsing.malware.enabled", false);
    Line 348: pref("browser.safebrowsing.debug", false);
    Line 349: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 349: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 349: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 349: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 350: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 350: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 350: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 350: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 351: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 351: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 351: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 352: pref("browser.safebrowsing.reportGenericURL", "http://%LOCALE%.phish-generic.mozilla.com/?hl=%LOCALE%");
    Line 353: pref("browser.safebrowsing.reportErrorURL", "http://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%");
    Line 354: pref("browser.safebrowsing.reportPhishURL", "http://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%");
    Line 355: pref("browser.safebrowsing.reportMalwareURL", "http://%LOCALE%.malware-report.mozilla.com/?hl=%LOCALE%");
    Line 356: pref("browser.safebrowsing.reportMalwareErrorURL", "http://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%");
    Line 357: pref("browser.safebrowsing.appRepURL", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
    Line 357: pref("browser.safebrowsing.appRepURL", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
    Line 359: pref("browser.safebrowsing.id", "Firefox");
    Line 365: pref("browser.safebrowsing.provider.0.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 365: pref("browser.safebrowsing.provider.0.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 365: pref("browser.safebrowsing.provider.0.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 367: pref("browser.safebrowsing.dataProvider", 0);
    Line 370: pref("browser.safebrowsing.provider.0.name", "Google");
    Line 371: pref("browser.safebrowsing.provider.0.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 371: pref("browser.safebrowsing.provider.0.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 371: pref("browser.safebrowsing.provider.0.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 372: pref("browser.safebrowsing.provider.0.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
    Line 372: pref("browser.safebrowsing.provider.0.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
    Line 372: pref("browser.safebrowsing.provider.0.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
    Line 375: pref("browser.safebrowsing.provider.0.reportGenericURL", "http://{moz:locale}.phish-generic.mozilla.com/?hl={moz:locale}");
    Line 376: pref("browser.safebrowsing.provider.0.reportErrorURL", "http://{moz:locale}.phish-error.mozilla.com/?hl={moz:locale}");
    Line 377: pref("browser.safebrowsing.provider.0.reportPhishURL", "http://{moz:locale}.phish-report.mozilla.com/?hl={moz:locale}");
    Line 378: pref("browser.safebrowsing.provider.0.reportMalwareURL", "http://{moz:locale}.malware-report.mozilla.com/?hl={moz:locale}");
    Line 379: pref("browser.safebrowsing.provider.0.reportMalwareErrorURL", "http://{moz:locale}.malware-error.mozilla.com/?hl={moz:locale}");
    Line 386: // Gethash timeout for Safebrowsing.
    Line 395: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 395: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 395: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
  mozilla-release\b2g\chrome\content\shell.js (3 hits)
    Line 74: XPCOMUtils.defineLazyModuleGetter(this, "SafeBrowsing",
    Line 75:               "resource://gre/modules/SafeBrowsing.jsm");
    Line 370:       SafeBrowsing.init();
  mozilla-release\browser\app\profile\firefox.js (32 hits)
    Line 967: pref("browser.safebrowsing.enabled", true);
    Line 968: pref("browser.safebrowsing.malware.enabled", true);
    Line 969: pref("browser.safebrowsing.downloads.enabled", true);
    Line 972: pref("browser.safebrowsing.downloads.remote.enabled", true);
    Line 974: pref("browser.safebrowsing.downloads.remote.enabled", false);
    Line 976: pref("browser.safebrowsing.debug", false);
    Line 978: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 978: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 978: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 978: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 979: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 979: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 979: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 979: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 980: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 980: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 980: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 981: pref("browser.safebrowsing.reportGenericURL", "http://%LOCALE%.phish-generic.mozilla.com/?hl=%LOCALE%");
    Line 982: pref("browser.safebrowsing.reportErrorURL", "http://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%");
    Line 983: pref("browser.safebrowsing.reportPhishURL", "http://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%");
    Line 984: pref("browser.safebrowsing.reportMalwareURL", "http://%LOCALE%.malware-report.mozilla.com/?hl=%LOCALE%");
    Line 985: pref("browser.safebrowsing.reportMalwareErrorURL", "http://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%");
    Line 987: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 987: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 987: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 989: pref("browser.safebrowsing.appRepURL", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
    Line 989: pref("browser.safebrowsing.appRepURL", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
    Line 994: pref("browser.safebrowsing.id", "navclient-auto-ffox");
    Line 997: // Name of the about: page contributed by safebrowsing to handle display of error
    Line 1004: // Gethash timeout for Safebrowsing.
    Line 1276: pref("services.sync.prefs.sync.browser.safebrowsing.enabled", true);
    Line 1277: pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", true);
  mozilla-release\browser\base\content\blockedSite.xhtml (1 hit)
    Line 10:   <!ENTITY % blockedSiteDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
  mozilla-release\browser\base\content\browser-doctype.inc (3 hits)
    Line 19: <!ENTITY % safebrowsingDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
    Line 19: <!ENTITY % safebrowsingDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
    Line 20: %safebrowsingDTD;
  mozilla-release\browser\base\content\browser-safebrowsing.js (2 hits)
    Line 6: var gSafeBrowsing = {
    Line 39:     var reportUrl = SafeBrowsing.getReportURL(name);
  mozilla-release\browser\base\content\browser.js (15 hits)
    Line 168: XPCOMUtils.defineLazyModuleGetter(this, "SafeBrowsing",
    Line 169:   "resource://gre/modules/SafeBrowsing.jsm");
    Line 241: #include browser-safebrowsing.js
    Line 1222:     setTimeout(function() { SafeBrowsing.init(); }, 2000);
    Line 2847:             let reportURL = formatURL("browser.safebrowsing.malware.reportURL", true);
    Line 2901:       label: gNavigatorBundle.getString("safebrowsing.getMeOutOfHereButton.label"),
    Line 2902:       accessKey: gNavigatorBundle.getString("safebrowsing.getMeOutOfHereButton.accessKey"),
    Line 2908:       title = gNavigatorBundle.getString("safebrowsing.reportedAttackSite");
    Line 2910:         label: gNavigatorBundle.getString("safebrowsing.notAnAttackButton.label"),
    Line 2911:         accessKey: gNavigatorBundle.getString("safebrowsing.notAnAttackButton.accessKey"),
    Line 2913:           openUILinkIn(gSafeBrowsing.getReportURL('MalwareError'), 'tab');
    Line 2917:       title = gNavigatorBundle.getString("safebrowsing.reportedWebForgery");
    Line 2919:         label: gNavigatorBundle.getString("safebrowsing.notAForgeryButton.label"),
    Line 2920:         accessKey: gNavigatorBundle.getString("safebrowsing.notAForgeryButton.accessKey"),
    Line 2922:           openUILinkIn(gSafeBrowsing.getReportURL('Error'), 'tab');
  mozilla-release\browser\base\content\report-phishing-overlay.xul (6 hits)
    Line 7: <!ENTITY % reportphishDTD SYSTEM "chrome://browser/locale/safebrowsing/report-phishing.dtd">
    Line 9: <!ENTITY % safebrowsingDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
    Line 9: <!ENTITY % safebrowsingDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
    Line 10: %safebrowsingDTD;
    Line 25:               oncommand="openUILink(gSafeBrowsing.getReportURL('Phish'), event);"
    Line 32:               oncommand="openUILinkIn(gSafeBrowsing.getReportURL('Error'), 'tab');"
  mozilla-release\browser\base\content\utilityOverlay.js (2 hits)
    Line 648:   if (typeof gSafeBrowsing != "undefined")
    Line 649:     gSafeBrowsing.setReportPhishingMenu();
  mozilla-release\browser\components\moz.build (1 hit)
    Line 53:     BROWSER_CHROME_MANIFESTS += ['safebrowsing/content/test/browser.ini']
  mozilla-release\browser\components\preferences\in-content\security.xul (6 hits)
    Line 23:   <preference id="browser.safebrowsing.malware.enabled"
    Line 24:               name="browser.safebrowsing.malware.enabled"
    Line 26:   <preference id="browser.safebrowsing.enabled"
    Line 27:               name="browser.safebrowsing.enabled"
    Line 63:               preference="browser.safebrowsing.malware.enabled" />
    Line 67:               preference="browser.safebrowsing.enabled" />
  mozilla-release\browser\components\preferences\security.xul (6 hits)
    Line 35:       <preference id="browser.safebrowsing.malware.enabled"
    Line 36:                   name="browser.safebrowsing.malware.enabled"
    Line 38:       <preference id="browser.safebrowsing.enabled"
    Line 39:                   name="browser.safebrowsing.enabled"
    Line 69:                 preference="browser.safebrowsing.malware.enabled" />
    Line 73:                 preference="browser.safebrowsing.enabled" />
  mozilla-release\browser\components\safebrowsing\content\test\head.js (2 hits)
    Line 1: // Force SafeBrowsing to be initialized for the tests
    Line 4: SafeBrowsing.init();
  mozilla-release\browser\locales\en-US\chrome\browser\browser.properties (8 hits)
    Line 360: safebrowsing.getMeOutOfHereButton.label=Get me out of here!
    Line 361: safebrowsing.getMeOutOfHereButton.accessKey=G
    Line 362: safebrowsing.reportedWebForgery=Reported Web Forgery!
    Line 363: safebrowsing.notAForgeryButton.label=This isn't a web forgery…
    Line 364: safebrowsing.notAForgeryButton.accessKey=F
    Line 365: safebrowsing.reportedAttackSite=Reported Attack Site!
    Line 366: safebrowsing.notAnAttackButton.label=This isn't an attack site…
    Line 367: safebrowsing.notAnAttackButton.accessKey=A
  mozilla-release\browser\locales\jar.mn (4 hits)
    Line 111:     locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
    Line 111:     locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
    Line 112:     locale/browser/safebrowsing/report-phishing.dtd                    (%chrome/browser/safebrowsing/report-phishing.dtd)
    Line 112:     locale/browser/safebrowsing/report-phishing.dtd                    (%chrome/browser/safebrowsing/report-phishing.dtd)
  mozilla-release\browser\metro\base\content\browser.js (1 hit)
    Line 717:           let reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL");
  mozilla-release\browser\metro\base\content\pages\aboutRights.xhtml (6 hits)
    Line 50:     <p><strong>&rights.safebrowsing-a;</strong>&rights.safebrowsing-b;</p>
    Line 50:     <p><strong>&rights.safebrowsing-a;</strong>&rights.safebrowsing-b;</p>
    Line 52:       <li>&rights.safebrowsing-term1;</li>
    Line 53:       <li>&rights.safebrowsing-term2;</li>
    Line 54:       <li>&rights.safebrowsing-term3;</li>
    Line 55:       <li>&rights.safebrowsing-term4;</li>
  mozilla-release\browser\metro\base\content\pages\crashprompt.xhtml (1 hit)
    Line 315:             <p>Each time Firefox checks in with a third party provider to download a new blacklist, Non-Personal Information and Potentially Personal Information, such as the information that the browser sends every time you visit a website as well as the version number of the blacklist on your system, is sent to a third party provider. In order to safeguard your privacy, Firefox will not transmit the complete URL of web pages that you visit to anyone other than Mozilla and its service providers. While it is possible that a third party service provider may determine the actual URL from the hashed URL sent, Mozilla’s policy is to require its third party service providers to enter into a written agreement with Mozilla not to use any data or other information about or from users of Firefox for purposes other than to provide and maintain their service. In addition, Mozilla’s policy is to prohibit these third party service providers from correlating any Firefox user data with any other data collec...
  mozilla-release\browser\metro\components\components.manifest (5 hits)
    Line 78: # SafeBrowsing.js
    Line 79: component {aadaed90-6c03-42d0-924a-fc61198ff283} SafeBrowsing.js
    Line 80: contract @mozilla.org/safebrowsing/application;1 {aadaed90-6c03-42d0-924a-fc61198ff283}
    Line 81: category app-startup SafeBrowsing service,@mozilla.org/safebrowsing/application;1
    Line 81: category app-startup SafeBrowsing service,@mozilla.org/safebrowsing/application;1
  mozilla-release\browser\metro\components\moz.build (1 hit)
    Line 29:         'SafeBrowsing.js',
  mozilla-release\browser\metro\components\SafeBrowsing.js (5 hits)
    Line 13: const kPhishWardenEnabledPref = "browser.safebrowsing.enabled";
    Line 14: const kMalwareWardenEnabledPref = "browser.safebrowsing.malware.enabled";
    Line 17: function SafeBrowsing() {
    Line 37: SafeBrowsing.prototype = {
    Line 168: this.NSGetFactory = XPCOMUtils.generateNSGetFactory([SafeBrowsing]);
  mozilla-release\browser\metro\profile\metro.js (23 hits)
    Line 597: pref("browser.safebrowsing.enabled", true);
    Line 600: pref("browser.safebrowsing.malware.enabled", true);
    Line 603: pref("browser.safebrowsing.provider.0.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 603: pref("browser.safebrowsing.provider.0.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 603: pref("browser.safebrowsing.provider.0.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 605: pref("browser.safebrowsing.dataProvider", 0);
    Line 608: pref("browser.safebrowsing.provider.0.name", "Google");
    Line 609: pref("browser.safebrowsing.provider.0.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 609: pref("browser.safebrowsing.provider.0.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 609: pref("browser.safebrowsing.provider.0.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 610: pref("browser.safebrowsing.provider.0.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
    Line 610: pref("browser.safebrowsing.provider.0.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
    Line 610: pref("browser.safebrowsing.provider.0.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
    Line 613: pref("browser.safebrowsing.provider.0.reportGenericURL", "http://{moz:locale}.phish-generic.mozilla.com/?hl={moz:locale}");
    Line 614: pref("browser.safebrowsing.provider.0.reportErrorURL", "http://{moz:locale}.phish-error.mozilla.com/?hl={moz:locale}");
    Line 615: pref("browser.safebrowsing.provider.0.reportPhishURL", "http://{moz:locale}.phish-report.mozilla.com/?hl={moz:locale}");
    Line 616: pref("browser.safebrowsing.provider.0.reportMalwareURL", "http://{moz:locale}.malware-report.mozilla.com/?hl={moz:locale}");
    Line 617: pref("browser.safebrowsing.provider.0.reportMalwareErrorURL", "http://{moz:locale}.malware-error.mozilla.com/?hl={moz:locale}");
    Line 622: // Name of the about: page contributed by safebrowsing to handle display of error
    Line 629: // Gethash timeout for Safebrowsing.
    Line 641: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 641: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 641: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
  mozilla-release\build\pgo\server-locations.txt (1 hit)
    Line 118: # Prevent safebrowsing tests from hitting the network for its-a-trap.html and
  mozilla-release\caps\nsIScriptSecurityManager.idl (1 hit)
    Line 219:     const unsigned long SAFEBROWSING_APP_ID = 4294967294; // UINT32_MAX - 1
  mozilla-release\docshell\base\LoadContext.h (2 hits)
    Line 31:  * to separate the safebrowsing cookie.
    Line 95:   // Constructor taking reserved appId for the safebrowsing cookie.
  mozilla-release\dom\base\nsDocument.h (2 hits)
    Line 1194:   // canceled by the URL classifier (Safebrowsing).
    Line 1212:   // canceled by the URL classifier (Safebrowsing).
  mozilla-release\dom\base\nsIDocument.h (1 hit)
    Line 2841:   // classifier. (Safebrowsing)
  mozilla-release\dom\webidl\HTMLDocument.webidl (2 hits)
    Line 91:    * the Safebrowsing API to prevent tracking.
    Line 98:    * the Safebrowsing API to prevent tracking.
  mozilla-release\image\test\unit\image_load_helpers.js (1 hit)
    Line 19: // Safebrowsing requires that the profile dir is set.
  mozilla-release\js\src\tests\user.js (2 hits)
    Line 26: user_pref("browser.safebrowsing.enabled", false);
    Line 27: user_pref("browser.safebrowsing.malware.enabled", false);
  mozilla-release\layout\tools\reftest\remotereftest.py (4 hits)
    Line 361:         prefs["browser.safebrowsing.gethashURL"] = "http://127.0.0.1:8888/safebrowsing-dummy/gethash"
    Line 361:         prefs["browser.safebrowsing.gethashURL"] = "http://127.0.0.1:8888/safebrowsing-dummy/gethash"
    Line 362:         prefs["browser.safebrowsing.updateURL"] = "http://127.0.0.1:8888/safebrowsing-dummy/update"
    Line 362:         prefs["browser.safebrowsing.updateURL"] = "http://127.0.0.1:8888/safebrowsing-dummy/update"
  mozilla-release\layout\tools\reftest\runreftest.py (3 hits)
    Line 208:     # Likewise for safebrowsing.
    Line 209:     prefs['browser.safebrowsing.enabled'] = False
    Line 210:     prefs['browser.safebrowsing.malware.enabled'] = False
  mozilla-release\mobile\android\app\mobile.js (25 hits)
    Line 580: pref("browser.safebrowsing.enabled", true);
    Line 581: pref("browser.safebrowsing.malware.enabled", true);
    Line 582: pref("browser.safebrowsing.debug", false);
    Line 584: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 584: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 584: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 584: pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
    Line 585: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 585: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 585: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 585: pref("browser.safebrowsing.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 586: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 586: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 586: pref("browser.safebrowsing.reportURL", "https://safebrowsing.google.com/safebrowsing/report?");
    Line 587: pref("browser.safebrowsing.reportGenericURL", "http://%LOCALE%.phish-generic.mozilla.com/?hl=%LOCALE%");
    Line 588: pref("browser.safebrowsing.reportErrorURL", "http://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%");
    Line 589: pref("browser.safebrowsing.reportPhishURL", "http://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%");
    Line 590: pref("browser.safebrowsing.reportMalwareURL", "http://%LOCALE%.malware-report.mozilla.com/?hl=%LOCALE%");
    Line 591: pref("browser.safebrowsing.reportMalwareErrorURL", "http://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%");
    Line 593: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 593: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 593: pref("browser.safebrowsing.malware.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
    Line 595: pref("browser.safebrowsing.id", @MOZ_APP_UA_NAME@);
    Line 597: // Name of the about: page contributed by safebrowsing to handle display of error
    Line 604: // Gethash timeout for Safebrowsing.
  mozilla-release\mobile\android\chrome\content\aboutRights.xhtml (6 hits)
    Line 48:     <p><strong>&rights.safebrowsing-a;</strong>&rights.safebrowsing-b;</p>
    Line 48:     <p><strong>&rights.safebrowsing-a;</strong>&rights.safebrowsing-b;</p>
    Line 50:       <li>&rights.safebrowsing-term1;</li>
    Line 51:       <li>&rights.safebrowsing-term2;</li>
    Line 52:       <li>&rights.safebrowsing-term3;</li>
    Line 53:       <li>&rights.safebrowsing-term4;</li>
  mozilla-release\mobile\android\chrome\content\browser.js (6 hits)
    Line 61:   XPCOMUtils.defineLazyModuleGetter(this, "SafeBrowsing",
    Line 62:                                     "resource://gre/modules/SafeBrowsing.jsm");
    Line 386:             SafeBrowsing.init();
    Line 5519:                 let reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL");
    Line 5540:             NativeWindow.doorhanger.show(Strings.browser.GetStringFromName("safeBrowsingDoorhanger"), "safebrowsing-warning", [], BrowserApp.selectedTab.id);
    Line 5540:             NativeWindow.doorhanger.show(Strings.browser.GetStringFromName("safeBrowsingDoorhanger"), "safebrowsing-warning", [], BrowserApp.selectedTab.id);
  mozilla-release\mobile\android\installer\package-manifest.in (1 hit)
    Line 633: @BINPATH@/components/SafeBrowsing.jsm
  mozilla-release\mobile\android\locales\en-US\chrome\browser.properties (2 hits)
    Line 72: # SafeBrowsing
    Line 73: safeBrowsingDoorhanger=This site has been identified as containing malware or a phishing attempt. Be careful.
  mozilla-release\modules\libpref\init\all.js (4 hits)
    Line 4369: // The tables used for Safebrowsing phishing and malware checks.
    Line 4376: // The table and update/gethash URLs for Safebrowsing phishing and malware
    Line 4379: pref("browser.trackingprotection.updateURL", "https://tracking.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
    Line 4380: pref("browser.trackingprotection.gethashURL", "https://tracking.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
  mozilla-release\netwerk\base\BackgroundFileSaver.h (1 hit)
    Line 304:    * since that is what Google's Safebrowsing protocol specifies.
  mozilla-release\netwerk\base\nsNetUtil.h (2 hits)
    Line 1722: // special app id reserved for separating the safebrowsing cookie
    Line 1723: #define NECKO_SAFEBROWSING_APP_ID UINT32_MAX - 1
  mozilla-release\netwerk\test\unit\test_cookiejars_safebrowsing.js (33 hits)
    Line 7:  *   We show that we can separate the safebrowsing cookie by creating a custom
    Line 11:  *   For testing safebrowsing update we do >> NOT << emulate a response
    Line 15:  * 1) We init safebrowsing and simulate an update (cookies are set for localhost)
    Line 18:  *    safebrowsing cookie.
    Line 20:  * 3) We open a channel with a custom callback, simulating a safebrowsing cookie
    Line 21:  *    that should send this simulated safebrowsing cookie as well as the
    Line 22:  *    real safebrowsing cookies. (Confirming that the safebrowsing cookies
    Line 22:  *    real safebrowsing cookies. (Confirming that the safebrowsing cookies
    Line 33: XPCOMUtils.defineLazyModuleGetter(this, "SafeBrowsing",
    Line 34:   "resource://gre/modules/SafeBrowsing.jsm");
    Line 38: var safebrowsingUpdatePath = "/safebrowsingUpdate";
    Line 38: var safebrowsingUpdatePath = "/safebrowsingUpdate";
    Line 62: function safebrowsingUpdateHandler(metadata, response) {
    Line 97:   httpserver.registerPathHandler(safebrowsingUpdatePath, safebrowsingUpdateHandler);
    Line 97:   httpserver.registerPathHandler(safebrowsingUpdatePath, safebrowsingUpdateHandler);
    Line 105: add_test(function test_safebrowsing_update() {
    Line 123:     URL + safebrowsingUpdatePath, onSuccess, onUpdateError, onDownloadError);
    Line 126: add_test(function test_non_safebrowsing_cookie() {
    Line 131:   function setNonSafeBrowsingCookie() {
    Line 134:     channel.asyncOpen(new ChannelListener(checkNonSafeBrowsingCookie, null), null);
    Line 137:   function checkNonSafeBrowsingCookie() {
    Line 139:     channel.asyncOpen(new ChannelListener(completeCheckNonSafeBrowsingCookie, null), null);
    Line 142:   function completeCheckNonSafeBrowsingCookie(request, data, context) {
    Line 151:   setNonSafeBrowsingCookie();
    Line 154: add_test(function test_safebrowsing_cookie() {
    Line 157:   var loadContext = new LoadContextCallback(Ci.nsIScriptSecurityManager.SAFEBROWSING_APP_ID, false, false, false);
    Line 159:   function setSafeBrowsingCookie() {
    Line 162:     channel.asyncOpen(new ChannelListener(checkSafeBrowsingCookie, null), null);
    Line 165:   function checkSafeBrowsingCookie() {
    Line 167:     channel.asyncOpen(new ChannelListener(completeCheckSafeBrowsingCookie, null), null);
    Line 170:   function completeCheckSafeBrowsingCookie(request, data, context) {
    Line 172:     //   a) the safebrowsing cookie set when updating
    Line 183:   setSafeBrowsingCookie();
  mozilla-release\netwerk\test\unit\xpcshell.ini (1 hit)
    Line 174: [test_cookiejars_safebrowsing.js]
  mozilla-release\testing\mochitest\tests\Harness_sanity\test_bug362788.xhtml (6 hits)
    Line 30:   [ "https://sb-ssl.google.com/safebrowsing/getkey?client=navclient-auto-ffox2.0&",
    Line 31:     "https://sb-ssl.google.com/safebrowsing/getkey" ],
    Line 32:   [ "https://sb-ssl.google.com/safebrowsing/getkey?client=navclient-auto-ffox2.0.0.1&",
    Line 33:     "https://sb-ssl.google.com/safebrowsing/getkey" ],
    Line 36:   [ "https://sb-ssl.google.com/safebrowsing/getkey",
    Line 37:     "https://sb-ssl.google.com/safebrowsing/getkey" ]
  mozilla-release\testing\mozbase\manifestparser\tests\mozmill-example.ini (2 hits)
    Line 65: [testSecurity/testSafeBrowsingNotificationBar.js]
    Line 66: [testSecurity/testSafeBrowsingWarningPages.js]
  mozilla-release\testing\profiles\prefs_general.js (8 hits)
    Line 87: user_pref("browser.safebrowsing.gethashURL", "http://%(server)s/safebrowsing-dummy/gethash");
    Line 87: user_pref("browser.safebrowsing.gethashURL", "http://%(server)s/safebrowsing-dummy/gethash");
    Line 88: user_pref("browser.safebrowsing.updateURL", "http://%(server)s/safebrowsing-dummy/update");
    Line 88: user_pref("browser.safebrowsing.updateURL", "http://%(server)s/safebrowsing-dummy/update");
    Line 89: user_pref("browser.safebrowsing.appRepURL", "http://%(server)s/safebrowsing-dummy/update");
    Line 89: user_pref("browser.safebrowsing.appRepURL", "http://%(server)s/safebrowsing-dummy/update");
    Line 90: user_pref("browser.trackingprotection.gethashURL", "http://%(server)s/safebrowsing-dummy/gethash");
    Line 91: user_pref("browser.trackingprotection.updateURL", "http://%(server)s/safebrowsing-dummy/update");
  mozilla-release\toolkit\components\downloads\ApplicationReputation.cpp (11 hits)
    Line 59: #define PREF_SB_APP_REP_URL "browser.safebrowsing.appRepURL"
    Line 60: #define PREF_SB_MALWARE_ENABLED "browser.safebrowsing.malware.enabled"
    Line 61: #define PREF_SB_DOWNLOADS_ENABLED "browser.safebrowsing.downloads.enabled"
    Line 62: #define PREF_SB_DOWNLOADS_REMOTE_ENABLED "browser.safebrowsing.downloads.remote.enabled"
    Line 179:   // http://sb-ssl.google.com/safebrowsing/csd/certificate/
    Line 210: // A single-use class for looking up a single URI in the safebrowsing DB. This
    Line 221:   // Look up the given URI in the safebrowsing DBs, optionally on both the allow
    Line 489:   // http://sb-ssl.google.com/safebrowsing/csd/certificate/<issuer_cert_fingerprint>[/CN=<cn>][/O=<org>][/OU=<unit>]
    Line 495:     "http://sb-ssl.google.com/safebrowsing/csd/certificate/");
    Line 927:   // Set the Safebrowsing cookie jar, so that the regular Google cookie is not
    Line 930:     new mozilla::LoadContext(NECKO_SAFEBROWSING_APP_ID);
  mozilla-release\toolkit\components\downloads\test\unit\test_app_rep.js (16 hits)
    Line 50:     do_print("Mock safebrowsing server handling request for " + redirectPath);
    Line 54:                        "application/vnd.google.safebrowsing-update", false);
    Line 62:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 64:   // Ensure safebrowsing is enabled for this test, even if the app
    Line 66:   Services.prefs.setBoolPref("browser.safebrowsing.malware.enabled", true);
    Line 67:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.enabled", true);
    Line 69:     Services.prefs.clearUserPref("browser.safebrowsing.malware.enabled");
    Line 70:     Services.prefs.clearUserPref("browser.safebrowsing.downloads.enabled");
    Line 188:                        "application/vnd.google.safebrowsing-update", false);
    Line 196:   // Load up some update chunks for the safebrowsing server to serve.
    Line 222:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 239:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 258:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 275:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 293:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 311:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
  mozilla-release\toolkit\components\downloads\test\unit\test_app_rep_windows.js (24 hits)
    Line 150:     do_print("Mock safebrowsing server handling request for " + redirectPath);
    Line 154:                        "application/vnd.google.safebrowsing-update", false);
    Line 177:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 179:   // Ensure safebrowsing is enabled for this test, even if the app
    Line 181:   Services.prefs.setBoolPref("browser.safebrowsing.malware.enabled", true);
    Line 182:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.enabled", true);
    Line 190:     Services.prefs.clearUserPref("browser.safebrowsing.malware.enabled");
    Line 191:     Services.prefs.clearUserPref("browser.safebrowsing.downloads.enabled");
    Line 263:                        "application/vnd.google.safebrowsing-update", false);
    Line 271:   // Load up some update chunks for the safebrowsing server to serve. This
    Line 273:   // sb-ssl.google.com/safebrowsing/csd/certificate/.
    Line 310:   // Wait for Safebrowsing local list updates to complete.
    Line 317:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.remote.enabled",
    Line 319:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 348:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.remote.enabled",
    Line 350:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 361:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.remote.enabled",
    Line 363:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 373:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.remote.enabled",
    Line 375:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 386:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.remote.enabled",
    Line 388:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
    Line 407:   Services.prefs.setBoolPref("browser.safebrowsing.downloads.remote.enabled",
    Line 409:   Services.prefs.setCharPref("browser.safebrowsing.appRepURL",
  mozilla-release\toolkit\components\url-classifier\ChunkSet.cpp (1 hit)
    Line 9: namespace safebrowsing {
  mozilla-release\toolkit\components\url-classifier\ChunkSet.h (1 hit)
    Line 15: namespace safebrowsing {
  mozilla-release\toolkit\components\url-classifier\Classifier.cpp (5 hits)
    Line 28: #define STORE_DIRECTORY      NS_LITERAL_CSTRING("safebrowsing")
    Line 33: namespace safebrowsing {
    Line 104:   // Ensure the safebrowsing directory exists.
    Line 539:     // Remove the safebrowsing dir if it exists
    Line 754: } // namespace safebrowsing
  mozilla-release\toolkit\components\url-classifier\Classifier.h (1 hit)
    Line 20: namespace safebrowsing {
  mozilla-release\toolkit\components\url-classifier\content\listmanager.js (3 hits)
    Line 18: // Log only if browser.safebrowsing.debug is true
    Line 21:   var debug = prefs_.getPref("browser.safebrowsing.debug");
    Line 55:   // { safebrowsing-update-url: { goog-phish-shavar: true,
  mozilla-release\toolkit\components\url-classifier\content\moz\debug.js (2 hits)
    Line 22: //     the preference branch "safebrowsing-debug-service."
    Line 282:     this.prefix_ = opt_prefix ? opt_prefix : "safebrowsing-debug-service";
  mozilla-release\toolkit\components\url-classifier\content\xml-fetcher.js (3 hits)
    Line 34:  * Note, that XMLFetcher is only used for SafeBrowsing, therefore
    Line 36:  * channel to separate the safebrowsing cookie based on a reserved
    Line 44:   this.appId = Ci.nsIScriptSecurityManager.SAFEBROWSING_APP_ID;
  mozilla-release\toolkit\components\url-classifier\Entries.h (7 hits)
    Line 6: // This header file defines the storage types of the actual safebrowsing
    Line 23: namespace safebrowsing {
    Line 30: struct SafebrowsingHash
    Line 33:   typedef SafebrowsingHash<S, Comparator> self_type;
    Line 127: typedef SafebrowsingHash<PREFIX_SIZE, PrefixComparator> Prefix;
    Line 137: typedef SafebrowsingHash<COMPLETE_SIZE, CompletionComparator> Completion;
    Line 312: } // namespace safebrowsing
  mozilla-release\toolkit\components\url-classifier\HashStore.cpp (6 hits)
    Line 41: // Main store for SafeBrowsing protocol data. We store
    Line 91: // Name of the SafeBrowsing store
    Line 110:       NS_WARNING("SafeBrowsing OOM.");                                    \
    Line 114:       NS_WARNING("SafeBrowsing store corrupted or out of date.");         \
    Line 121: namespace safebrowsing {
    Line 336:       NS_WARNING("SafeBrowsing file isn't long enough to store its checksum");
  mozilla-release\toolkit\components\url-classifier\HashStore.h (1 hit)
    Line 18: namespace safebrowsing {
  mozilla-release\toolkit\components\url-classifier\LookupCache.cpp (1 hit)
    Line 46: namespace safebrowsing {
  mozilla-release\toolkit\components\url-classifier\LookupCache.h (1 hit)
    Line 19: namespace safebrowsing {
  mozilla-release\toolkit\components\url-classifier\moz.build (1 hit)
    Line 54:     'SafeBrowsing.jsm',
  mozilla-release\toolkit\components\url-classifier\nsIUrlClassifierDBService.idl (3 hits)
    Line 12: [ptr] native ResultArray(nsTArray<mozilla::safebrowsing::LookupResult>);
    Line 13: [ptr] native CacheCompletionArray(nsTArray<mozilla::safebrowsing::CacheResult>);
    Line 14: [ptr] native PrefixArray(mozilla::safebrowsing::PrefixArray);
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierDBService.cpp (6 hits)
    Line 54: using namespace mozilla::safebrowsing;
    Line 67: #define CHECK_MALWARE_PREF      "browser.safebrowsing.malware.enabled"
    Line 70: #define CHECK_PHISHING_PREF     "browser.safebrowsing.enabled"
    Line 361:     NS_ERROR("Unable to open SafeBrowsing database");
    Line 413:     NS_ERROR("Unable to open SafeBrowsing database");
    Line 868:   mozilla::safebrowsing::Completion hash;
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierDBService.h (6 hits)
    Line 37: using namespace mozilla::safebrowsing;
    Line 44: namespace safebrowsing {
    Line 74:   nsresult CacheCompletions(mozilla::safebrowsing::CacheResultArray *results);
    Line 75:   nsresult CacheMisses(mozilla::safebrowsing::PrefixArray *results);
    Line 194:   nsAutoPtr<mozilla::safebrowsing::Classifier> mClassifier;
    Line 203:   nsTArray<mozilla::safebrowsing::TableUpdate*> mTableUpdates;
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierLib.js (1 hit)
    Line 6: // the common JS files used by safebrowsing and url-classifier into a
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierProxies.cpp (1 hit)
    Line 11: using namespace mozilla::safebrowsing;
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierProxies.h (9 hits)
    Line 126:                              mozilla::safebrowsing::CacheResultArray *aEntries)
    Line 135:      mozilla::safebrowsing::CacheResultArray *mEntries;
    Line 142:                         mozilla::safebrowsing::PrefixArray *aEntries)
    Line 151:     mozilla::safebrowsing::PrefixArray *mEntries;
    Line 160:                           mozilla::safebrowsing::LookupResultArray* results)
    Line 173:     mozilla::safebrowsing::LookupResultArray* mResults;
    Line 179:                          mozilla::safebrowsing::LookupResultArray* results);
    Line 204:                            mozilla::safebrowsing::LookupResultArray *aResults)
    Line 213:     mozilla::safebrowsing::LookupResultArray * mResults;
  mozilla-release\toolkit\components\url-classifier\nsUrlClassifierStreamUpdater.cpp (6 hits)
    Line 122:     mChannel->SetContentType(NS_LITERAL_CSTRING("application/vnd.google.safebrowsing-update"));
    Line 133:   // Create a custom LoadContext for SafeBrowsing, so we can use callbacks on
    Line 134:   // the channel to query the appId which allows separation of safebrowsing
    Line 137:     new mozilla::LoadContext(NECKO_SAFEBROWSING_APP_ID);
    Line 364:     NS_WARNING("Unable to initialize timer, fetching next safebrowsing item immediately");
    Line 376:     NS_WARNING("Didn't fetch all safebrowsing update redirects");
  mozilla-release\toolkit\components\url-classifier\ProtocolParser.cpp (2 hits)
    Line 26: namespace safebrowsing {
    Line 631: } // namespace safebrowsing
  mozilla-release\toolkit\components\url-classifier\ProtocolParser.h (1 hit)
    Line 13: namespace safebrowsing {
  mozilla-release\toolkit\components\url-classifier\SafeBrowsing.jsm (11 hits)
    Line 5: this.EXPORTED_SYMBOLS = ["SafeBrowsing"];
    Line 39:   let msg = "SafeBrowsing: " + d.toTimeString() + ": " + stuff.join(" ");
    Line 44: this.SafeBrowsing = {
    Line 52:     Services.prefs.addObserver("browser.safebrowsing", this.readPrefs.bind(this), false);
    Line 108:     debug = Services.prefs.getBoolPref("browser.safebrowsing.debug");
    Line 109:     this.phishingEnabled = Services.prefs.getBoolPref("browser.safebrowsing.enabled");
    Line 110:     this.malwareEnabled = Services.prefs.getBoolPref("browser.safebrowsing.malware.enabled");
    Line 125:       var clientID = Services.prefs.getCharPref("browser.safebrowsing.id");
    Line 131:     let basePref = "browser.safebrowsing.";
    Line 145:     this.updateURL  = this.updateURL.replace("SAFEBROWSING_ID", clientID);
    Line 146:     this.gethashURL = this.gethashURL.replace("SAFEBROWSING_ID", clientID);
  mozilla-release\toolkit\components\url-classifier\tests\mochitest\test_classifier.html (1 hit)
    Line 53:         {"set" : [["browser.safebrowsing.malware.enabled", true]]},
  mozilla-release\toolkit\components\url-classifier\tests\mochitest\test_classifier_worker.html (1 hit)
    Line 48:         {"set" : [["browser.safebrowsing.malware.enabled", true]]},
  mozilla-release\toolkit\components\url-classifier\tests\unit\head_urlclassifier.js (9 hits)
    Line 31: prefBranch.setBoolPref("browser.safebrowsing.malware.enabled", true);
    Line 32: prefBranch.setBoolPref("browser.safebrowsing.enabled", true);
    Line 53:   delFile("safebrowsing/classifier.hashkey");
    Line 54:   delFile("safebrowsing/test-phish-simple.sbstore");
    Line 55:   delFile("safebrowsing/test-malware-simple.sbstore");
    Line 56:   delFile("safebrowsing/test-phish-simple.cache");
    Line 57:   delFile("safebrowsing/test-malware-simple.cache");
    Line 58:   delFile("safebrowsing/test-phish-simple.pset");
    Line 59:   delFile("safebrowsing/test-malware-simple.pset");
  mozilla-release\toolkit\components\url-classifier\tests\unit\test_digest256.js (5 hits)
    Line 7: // Global test server for serving safebrowsing updates.
    Line 48:     do_print("Mock safebrowsing server handling request for " + redirectPath);
    Line 51:                        "application/vnd.google.safebrowsing-update", false);
    Line 82:                        "application/vnd.google.safebrowsing-update", false);
    Line 106:   // Load up some update chunks for the safebrowsing server to serve.
  mozilla-release\toolkit\components\url-classifier\tests\unittests.xul (2 hits)
    Line 60:     var site1 = "google.com/safebrowsing/";
    Line 68:     G_Assert(z, siteTable.exists("http://www.google.com/safebrowsing/1.php"),
  mozilla-release\toolkit\components\viewsource\content\viewSource.js (1 hit)
    Line 261:           let reportURL = Services.urlFormatter.formatURLPref("browser.safebrowsing.malware.reportURL", true);
  mozilla-release\toolkit\content\aboutRights.xhtml (6 hits)
    Line 49:     <p><strong>&rights.safebrowsing-a;</strong>&rights.safebrowsing-b;</p>
    Line 49:     <p><strong>&rights.safebrowsing-a;</strong>&rights.safebrowsing-b;</p>
    Line 51:       <li>&rights.safebrowsing-term1;</li>
    Line 52:       <li>&rights.safebrowsing-term2;</li>
    Line 53:       <li>&rights.safebrowsing-term3;</li>
    Line 54:       <li>&rights.safebrowsing-term4;</li>
  mozilla-release\toolkit\devtools\webconsole\test\unit\test_network_helper.js (1 hit)
    Line 46:   do_check_eq(NetworkHelper.isTextMimeType("application/vnd.google.safebrowsing-chunk"), false);
  mozilla-release\toolkit\locales\en-US\chrome\global\aboutRights.dtd (7 hits)
    Line 59: <!ENTITY rights.safebrowsing-a "SafeBrowsing: ">
    Line 59: <!ENTITY rights.safebrowsing-a "SafeBrowsing: ">
    Line 60: <!ENTITY rights.safebrowsing-b "Disabling the Safe Browsing feature is not recommended as it may result in you going to unsafe sites.  If you wish to disable the feature completely, follow these steps:">
    Line 61: <!ENTITY rights.safebrowsing-term1 "Open the application preferences">
    Line 62: <!ENTITY rights.safebrowsing-term2 "Select the Security selection">
    Line 63: <!ENTITY rights.safebrowsing-term3 "Uncheck the options to &quot;&blockAttackSites.label;&quot; and &quot;&blockWebForgeries.label;&quot;">
    Line 64: <!ENTITY rights.safebrowsing-term4 "Safe Browsing is now disabled">

This actually leaks information to Google.

Atavic · 2017-05-04T17:17:51Z

shavar.services.mozilla.com is hosted on AmazonCDN.

Although the API is the same, Mozilla modified its usage:
SAFEBROWSING_ID is not the same as Google API_KEY

See:arkenfox/user.js#102 (comment)

Atavic · 2018-09-17T15:52:37Z

Also, why on earth is HTTPS needed for downloading a list of SHA256 hashes from URLs?

HTTPS is way overused in general. Particularly here it is simply not needed because the content is a list of hashes with no personal info whatsoever.

fmarier · 2018-09-17T17:23:05Z

Also, why on earth is HTTPS needed for downloading a list of SHA256 hashes from URLs?

Because otherwise your network provider could change the list that's sent to Firefox (for example, whitelisting their own trackers or blocking their competitors').

HTTPS is not just about encryption, it's also about integrity protection.

pyllyukko closed this as completed in fd6cf46 Jun 28, 2015

pyllyukko referenced this issue Jul 4, 2015

Disable safe browsing for downloaded files

6d72adb

This actually leaks information to Google.

pyllyukko mentioned this issue Mar 31, 2016

Consider lockPref() and mozilla.cfg #134

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tracking protection uses the same API as Google Safe Browsing #22

Tracking protection uses the same API as Google Safe Browsing #22

amq commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

amq commented Jun 28, 2015

amq commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

amq commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

amq commented Jun 28, 2015

Atavic commented May 4, 2017 •

edited

Loading

Atavic commented Sep 17, 2018

fmarier commented Sep 17, 2018

Tracking protection uses the same API as Google Safe Browsing #22

Tracking protection uses the same API as Google Safe Browsing #22

Comments

amq commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

amq commented Jun 28, 2015

amq commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

amq commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

pyllyukko commented Jun 28, 2015

amq commented Jun 28, 2015

Atavic commented May 4, 2017 • edited Loading

Atavic commented Sep 17, 2018

fmarier commented Sep 17, 2018

Atavic commented May 4, 2017 •

edited

Loading