Phishing protection technology lets Firefox help protect users by comparing the URLs the user visits to a blacklist of known scam sites, and presenting a warning to the user when they visit a site on the list.
Installing a new data provider
To install a data provider for phishing protection, it's necessary to set a series of preferences to provide details about the provider.
Each data provider has a unique ID number. The data provider with the ID number 0 is the default data provider shipped with Firefox. When installing a new provider, you should use the next unused number.
To find an ID number to use, you can build a loop that requests the value of browser.safebrowsing.provider.0.name
, then browser.safebrowsing.provider.1.name
, and so forth until no value is returned. Then you can use that value.
You can find examples of how to read and write preferences in the article Adding preferences to an extension.
Required preferences
-
browser.safebrowsing.provider.idnum.name
- A human-readable name for the data provider.
-
browser.safebrowsing.provider.idnum.keyURL
- An URL that returns a private key to be used for encrypting of other requests.
-
browser.safebrowsing.provider.idnum.lookupURL
- The URL to use to look up URLs to see if they're blacklisted. This request must be encrypted using the private key returned by the
keyURL
request.
Optional preferences
-
browser.safebrowsing.provider.idnum.reportURL
- An URL used for reporting when users visit phishing pages and whether or not they decided to heed the warning or to ignore it.
-
browser.safebrowsing.provider.idnum.updateURL
- An URL used to request an updated list of phishing sites. The server either provides a full list or incremental updates in order to bring the client's tables up to date.
-
browser.safebrowsing.provider.idnum.reportGenericURL
- Not currently used; intended for use in reporting other issues with the phishing protection service.
-
browser.safebrowsing.provider.idnum.reportErrorURL
- An URL to which the user is directed in order to report a safe page that is incorrectly being reported as a phishing site.
-
browser.safebrowsing.provider.idnum.reportPhishURL
- An URL to which the user is directed in order to report a phishing site that isn't detected by the phishing protection system.
Determining the currently-selected data provider
If you need to determine the ID number of the currently selected anti-phishing data provider, you can look at the current value of the preference browser.safebrowsing.dataProvider
.