From MozillaZine Knowledge Base

Background

Firefox 2.0 incorporates the Google Safe Browsing extension in its own Phishing Protection feature to detect and warn users of phishy web sites.

When Safe Browsing is set to compare visited URLs against a remote blacklist, the URLs are encrypted with a key before they are transmitted. The key is requested from the URL in this preference each time the browser starts if this Safe Browsing service is selected in browser.safebrowsing.dataProvider.

This is an enumerated preference: all preferences whose names start with browser.safebrowsing.provider. are read to generate the list of Safe Browsing providers. The * in the preference name is a non-negative integer, and matches the number in the other preferences needed to describe a provider. It also determines the order in which the providers appear in the options dialog.

Possible values and their effects

The URL from which the key for encrypting URLs is retrieved.

By default, the following preference and value exists:

browser.safebrowsing.provider.0.keyURL

https://sb-ssl.google.com/safebrowsing/getkey?client={moz:client}&

Trunk builds:

browser.safebrowsing.provider.0.keyURL

https://sb-ssl.google.com/safebrowsing/newkey?client={moz:client}&appver={moz:version}&pver=2.1

(The string {moz:client} is replaced by 'navclient-auto-ffox' plus the version number for official builds.)

Caveats

• browser.safebrowsing.enabled must be true for this preference to have an effect.
• This preference only has an effect if browser.safebrowsing.remoteLookups is true (when “advanced mode” is on).
• If this preference does not refer to an HTTPS URL, submissions to the Safe Browsing server should be considered insecure.

First checked in

2006-05-12 by Brett Wilson

Has an effect in

• Mozilla Firefox (nightly builds since 2006-05-12; 2.0a3 and above)

Related bugs

• Bug 329292 - add SafeBrowsing anti-phishing extension to trunk for evaluation
• Bug 336832 - set pref defaults for safe browsing
• Bug 349234 - we need to reduce the number of remote lookups per user
• Bug 354393 - key update url should point to sb-ssl.google.com
• Bug 360387 - Verify HMAC of safebrowsing updates

Related preferences

• browser.safebrowsing.dataProvider
• browser.safebrowsing.enabled
• browser.safebrowsing.provider.*
• browser.safebrowsing.provider.*.lookupURL
• browser.safebrowsing.provider.*.name
• browser.safebrowsing.provider.*.privacy.fallbackurl
• browser.safebrowsing.provider.*.privacy.optedIn
• browser.safebrowsing.provider.*.privacy.url
• browser.safebrowsing.provider.*.reportErrorURL
• browser.safebrowsing.provider.*.reportGenericURL
• browser.safebrowsing.provider.*.reportPhishURL
• browser.safebrowsing.provider.*.reportURL
• browser.safebrowsing.provider.*.updateURL
• browser.safebrowsing.remoteLookups
• browser.safebrowsing.warning.infoURL
• urlclassifier.keyupdatetime.*
• urlclassifier.tableversion.*

External links

• Phishing Protection - MozillaWiki