Mozilla Yanks Firefox Anti-Phishing Feature
When Mozilla rolls out Firefox 22.214.171.124, the browser will be missing the anti-phishing feature that the aging browser has sported since it debuted in 2006, said Mike Beltzner, director of Firefox, in an e-mail Thursday.
"The latest published update for Firefox 2, which is version 126.96.36.199, has the Phishing Protection feature enabled and working," Beltzner said. "However, the next planned update for Firefox 2, version 188.8.131.52, will be required to disable this feature."
Firefox 184.108.40.206, which will be the last security update for the browser before Mozilla discontinues support, is currently slated to ship on Dec. 16, according to notes from a status meeting earlier this week. Mozilla's policy is to support a browser for six months after it's been superseded by a new version. The company unveiled Firefox 3.0 in mid-June.
Dubbed "Phishing Protection" by Mozilla, the feature warns users when they attempt to reach a site suspected of hosting identity theft scams. The list of blocked sites is generated by Google, the search company that provided 88% of Mozilla's revenue during 2007.
Beltzner said Google asked Mozilla to disable the feature in Firefox 220.127.116.11 because the older browser line uses an obsolete protocol.
"The Phishing Protection feature in Firefox 2 relies on data provided by Google via the first version of the SafeBrowsing protocol," said Beltzner, who explained that Google and Mozilla had worked together to update the protocol, first to SafeBrowsing v2.1 late last year, and more recently, to SafeBrowsing v2.2.
Firefox 3.0 has relied on SafeBrowsing v2.1 since its release several months ago, but is transitioning to v2.2 this month for its anti-phishing and anti-malware features, both which ping Google's servers for blacklists.
"Now that Firefox 2 is reaching the end of its support lifespan, we have been asked to turn this feature off as Google will no longer be supporting requests using the obsolete SafeBrowsing v1 protocol," said Beltzner.
Users who download Firefox 18.104.22.168, or update to that version later this month, will be told that the feature has been switched off, Beltzner said.
Firefox 3.0, which is currently at 3.0.4 and scheduled to update to 3.0.5 at the same time Mozilla ships the final Firefox 2.0 update, will continue to offer anti-phishing protection. Users of the older browser can update to the newer line by downloading Firefox 3.0, or accepting the automatic upgrade offer that will begin reaching them Thursday.
Beltzner said that Mozilla won't offer any anti-phishing work-arounds for Firefox 22.214.171.124 users who want to keep using the older browser, but noted that there are similar tools available elsewhere. Alternatives to Firefox's built-in protection include the Netcraft Toolbar, WOT (Web of Trust) and FirePhish extensions, which can be downloaded from Mozilla's add-on site.