Computerworld reports that the final update for Firefox 2.0 will not only contain security fixes, but also remove an important safety feature: the safe browsing support that warns users when they attempt to access a potentially unsafe site:
Google asked Mozilla to disable the feature in Firefox 220.127.116.11 that warns users of sites suspected of hosting identity fraud scams because the older browsers rely on an outdated SafeBrowsing protocol that Google is not supporting anymore, Mike Beltzner, director of Firefox, told Computerworld.
The latest version of the SafeBrowsing protocol is much more efficient; the Chromium team provides an excellent overview of the way this is designed. It provides for incremental updates, and only transfers 32 bits of the full SHA-256 hashes. More data is only requested when a possible match is found.
This leaves Firefox 2.0 users with two options: upgrading to version 3.0 or installing a plugin that provides malware and phishing detection, such as the Netcraft toolbar. There might be other browsers that use the old version as well; it’s unknown at this time how these will react is Google turns off access to clients using the older API. Will the be stuck with an outdated list of phishing sites forever, or will their phishing protection automatically disable itself if updates are unavaliable? According to the API documentation, browsers should stop warning about unsafe sites when their database is more than 30 minutes old, but it remains to be seen how browsers will actually handle this.