Bug#667050: iceweasel: "Block reported attack sites/web forgeries" should mention its use of Google and allow opt-out

Stephen Crowley stephen.crowley at hushmail.com
Tue Apr 3 17:18:51 UTC 2012 

Package: iceweasel
Version: 10.0.3esr-2
Severity: normal

Dear Maintainer,
I was curious about the following excessive access to the url GET
http://safebrowsing-cache.google.com/safebrowsing/... and realized 
it
was coming from firefox by having the "Block reported attack 
sites/web
forgeries" option. I consider this network spam a bit of a security
risk considering all the skullduggery going on with the net these
days, at the very least the menu option should explicltly state 
that it
will bombard google with requests for this data.

-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils         4.2.1
ii  fontconfig          2.8.0-3.1
ii  libc6               2.13-27
ii  libgdk-pixbuf2.0-0  2.24.1-1
ii  libglib2.0-0        2.30.2-6
ii  libgtk2.0-0         2.24.10-1
ii  libnspr4-0d         4.9-1
ii  libstdc++6          4.7.0-1
ii  procps              1:3.3.2-3
ii  xulrunner-10.0      10.0.3esr-2

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
ii  libgssapi-krb5-2    1.10+dfsg~beta1-2
ii  mozplugger          <none>
ii  ttf-lyx             2.0.3-2
ii  ttf-mathematica4.1  <none>
ii  xfonts-mathml       4

Versions of packages xulrunner-10.0 depends on:
ii  libasound2                1.0.25-2
ii  libatk1.0-0               2.2.0-2
ii  libbz2-1.0                1.0.6-1
ii  libc6                     2.13-27
ii  libcairo2                 1.10.2-7
ii  libdbus-1-3               1.4.18-1
ii  libdbus-glib-1-2          0.98-1
ii  libevent-2.0-5            2.0.17-stable-1
ii  libfontconfig1            2.8.0-3.1
ii  libfreetype6              2.4.8-1
ii  libgcc1                   1:4.7.0-1
ii  libgdk-pixbuf2.0-0        2.24.1-1
ii  libglib2.0-0              2.30.2-6
ii  libgtk2.0-0               2.24.10-1
ii  libhunspell-1.3-0         1.3.2-4
ii  libjpeg8                  8d-1
ii  libmozjs10d               10.0.3esr-2
ii  libnotify4                0.7.4-1
ii  libnspr4-0d               4.9-1
ii  libnss3-1d                3.13.3-1
ii  libpango1.0-0             1.29.4-3+b1
ii  libpixman-1-0             0.24.4-1
ii  libreadline6              6.2-8
ii  libsqlite3-0              3.7.11-2
ii  libstartup-notification0  0.12-1
ii  libstdc++6                4.7.0-1
ii  libvpx1                   1.0.0-2
ii  libx11-6                  2:1.4.4-4
ii  libxext6                  2:1.3.0-3
ii  libxrender1               1:0.9.6-2
ii  libxt6                    1:1.1.1-2
ii  zlib1g                    1:1.2.6.dfsg-2

Versions of packages xulrunner-10.0 suggests:
ii  libcanberra0  0.28-3
ii  libgnomeui-0  2.24.5-2

-- no debconf information

More information about the pkg-mozilla-maintainers mailing list