Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug

b2g/locales/en-US/chrome/overrides/appstrings.properties

@@ -30,6 +30,7 @@ externalProtocolUnknown=<Unknown>
 externalProtocolChkMsg=Remember my choice for all links of this type.
 externalProtocolLaunchBtn=Launch application
 malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
+unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
 phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
 cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
 corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.

browser/base/content/aboutNetError.xhtml

@@ -374,6 +374,7 @@
         <h1 id="et_nssFailure2">&nssFailure2.title;</h1>
         <h1 id="et_nssBadCert">&nssBadCert.title;</h1>
         <h1 id="et_malwareBlocked">&malwareBlocked.title;</h1>
+        <h1 id="et_unwantedBlocked">&unwantedBlocked.title;</h1>
         <h1 id="et_cspBlocked">&cspBlocked.title;</h1>
         <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
         <h1 id="et_corruptedContentError">&corruptedContentError.title;</h1>
@@ -401,6 +402,7 @@
         <div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
         <div id="ed_nssBadCert">&nssBadCert.longDesc2;</div>
         <div id="ed_malwareBlocked">&malwareBlocked.longDesc;</div>
+        <div id="ed_unwantedBlocked">&unwantedBlocked.longDesc;</div>
         <div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
         <div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
         <div id="ed_corruptedContentError">&corruptedContentError.longDesc;</div>

browser/base/content/blockedSite.xhtml

@@ -79,6 +79,9 @@
           case "phishingBlocked" :
             initPage_phishing();
             break;
+          case "unwantedBlocked" :
+            initPage_unwanted();
+            break;
         }
       }        
       
@@ -87,7 +90,7 @@
        */
       function initPage_malware()
       {
-        // Remove phishing strings
+        // Remove phishing and unwanted strings
         var el = document.getElementById("errorTitleText_phishing");
         el.parentNode.removeChild(el);
 
@@ -97,18 +100,57 @@
         el = document.getElementById("errorLongDescText_phishing");
         el.parentNode.removeChild(el);
 
+        el = document.getElementById("errorTitleText_unwanted");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorShortDescText_unwanted");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorLongDescText_unwanted");
+        el.parentNode.removeChild(el);
+
         // Set sitename
         document.getElementById("malware_sitename").textContent = getHostString();
         document.title = document.getElementById("errorTitleText_malware")
                                  .innerHTML;
       }
       
+      /**
+       * Initialize custom strings and functionality for blocked malware case
+       */
+      function initPage_unwanted()
+      {
+        // Remove phishing and malware strings
+        var el = document.getElementById("errorTitleText_phishing");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorShortDescText_phishing");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorLongDescText_phishing");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorTitleText_malware");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorShortDescText_malware");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorLongDescText_malware");
+        el.parentNode.removeChild(el);
+
+        // Set sitename
+        document.getElementById("unwanted_sitename").textContent = getHostString();
+        document.title = document.getElementById("errorTitleText_unwanted")
+                                 .innerHTML;
+      }
+      
       /**
        * Initialize custom strings and functionality for blocked phishing case
        */
       function initPage_phishing()
       {
-        // Remove malware strings
+        // Remove malware and unwanted strings
         var el = document.getElementById("errorTitleText_malware");
         el.parentNode.removeChild(el);
 
@@ -118,6 +160,15 @@
         el = document.getElementById("errorLongDescText_malware");
         el.parentNode.removeChild(el);
 
+        el = document.getElementById("errorTitleText_unwanted");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorShortDescText_unwanted");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorLongDescText_unwanted");
+        el.parentNode.removeChild(el);
+
         // Set sitename
         document.getElementById("phishing_sitename").textContent = getHostString();
         document.title = document.getElementById("errorTitleText_phishing")
@@ -161,6 +212,7 @@
       <div id="errorTitle">
         <h1 id="errorTitleText_phishing">&safeb.blocked.phishingPage.title;</h1>
         <h1 id="errorTitleText_malware">&safeb.blocked.malwarePage.title;</h1>
+        <h1 id="errorTitleText_unwanted">&safeb.blocked.unwantedPage.title;</h1>
       </div>
       
       <div id="errorLongContent">
@@ -169,12 +221,14 @@
         <div id="errorShortDesc">
           <p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc;</p>
           <p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>
+          <p id="errorShortDescText_unwanted">&safeb.blocked.unwantedPage.shortDesc;</p>
         </div>
 
         <!-- Long Description -->
         <div id="errorLongDesc">
           <p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc;</p>
           <p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
+          <p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
         </div>
         
         <!-- Action buttons -->

browser/base/content/browser.js

@@ -2659,7 +2659,7 @@ let BrowserOnClick = {
                               msg.data.sslStatusAsString);
       break;
       case "Browser:SiteBlockedError":
-        this.onAboutBlocked(msg.data.elementId, msg.data.isMalware,
+        this.onAboutBlocked(msg.data.elementId, msg.data.reason,
                             msg.data.isTopFrame, msg.data.location);
       break;
       case "Browser:EnableOnlineMode":
@@ -2843,10 +2843,15 @@ let BrowserOnClick = {
     }
   },
 
-  onAboutBlocked: function (elementId, isMalware, isTopFrame, location) {
+  onAboutBlocked: function (elementId, reason, isTopFrame, location) {
-    // Depending on what page we are displaying here (malware/phishing)
+    // Depending on what page we are displaying here (malware/phishing/unwanted)
     // use the right strings and links for each.
-    let bucketName = isMalware ? "WARNING_MALWARE_PAGE_":"WARNING_PHISHING_PAGE_";
+    let bucketName = "WARNING_PHISHING_PAGE_";
+    if (reason === 'malware') {
+      bucketName = "WARNING_MALWARE_PAGE_";
+    } else if (reason === 'unwanted') {
+      bucketName = "WARNING_UNWANTED_PAGE_";
+    }
     let secHistogram = Services.telemetry.getHistogramById("SECURITY_UI");
     let nsISecTel = Ci.nsISecurityUITelemetry;
     bucketName += isTopFrame ? "TOP_" : "FRAME_";
@@ -2857,33 +2862,19 @@ let BrowserOnClick = {
         break;
 
       case "reportButton":
-        // This is the "Why is this site blocked" button.  For malware,
+        // This is the "Why is this site blocked" button. We redirect
-        // we can fetch a site-specific report, for phishing, we redirect
+        // to the generic page describing phishing/malware protection.
-        // to the generic page describing phishing protection.
 
-        // We log even if malware/phishing info URL couldn't be found:
+        // We log even if malware/phishing/unwanted info URL couldn't be found:
         // the measurement is for how many users clicked the WHY BLOCKED button
         secHistogram.add(nsISecTel[bucketName + "WHY_BLOCKED"]);
 
-        if (isMalware) {
+        openHelpLink("phishing-malware", false, "current");
-          // Get the stop badware "why is this blocked" report url,
-          // append the current url, and go there.
-          try {
-            let reportURL = formatURL("browser.safebrowsing.malware.reportURL", true);
-            reportURL += location;
-            gBrowser.loadURI(reportURL);
-          } catch (e) {
-            Components.utils.reportError("Couldn't get malware report URL: " + e);
-          }
-        }
-        else { // It's a phishing site, not malware
-          openHelpLink("phishing-malware", false, "current");
-        }
         break;
 
       case "ignoreWarningButton":
         secHistogram.add(nsISecTel[bucketName + "IGNORE_WARNING"]);
-        this.ignoreWarningButton(isMalware);
+        this.ignoreWarningButton(reason);
         break;
     }
   },
@@ -2910,7 +2901,7 @@ let BrowserOnClick = {
     }
   },
 
-  ignoreWarningButton: function (isMalware) {
+  ignoreWarningButton: function (reason) {
     // Allow users to override and continue through to the site,
     // but add a notify bar as a reminder, so that they don't lose
     // track after, e.g., tab switching.
@@ -2929,7 +2920,7 @@ let BrowserOnClick = {
     }];
 
     let title;
-    if (isMalware) {
+    if (reason === 'malware') {
       title = gNavigatorBundle.getString("safebrowsing.reportedAttackSite");
       buttons[1] = {
         label: gNavigatorBundle.getString("safebrowsing.notAnAttackButton.label"),
@@ -2938,7 +2929,7 @@ let BrowserOnClick = {
           openUILinkIn(gSafeBrowsing.getReportURL('MalwareError'), 'tab');
         }
       };
-    } else {
+    } else if (reason === 'phishing') {
       title = gNavigatorBundle.getString("safebrowsing.reportedWebForgery");
       buttons[1] = {
         label: gNavigatorBundle.getString("safebrowsing.notAForgeryButton.label"),
@@ -2947,6 +2938,10 @@ let BrowserOnClick = {
           openUILinkIn(gSafeBrowsing.getReportURL('Error'), 'tab');
         }
       };
+    } else if (reason === 'unwanted') {
+      title = gNavigatorBundle.getString("safebrowsing.reportedUnwantedSite");
+      // There is no button for reporting errors since Google doesn't currently
+      // provide a URL endpoint for these reports.
     }
 
     let notificationBox = gBrowser.getNotificationBox();

browser/base/content/content.js

@@ -384,9 +384,15 @@ let ClickEventHandler = {
   },
 
   onAboutBlocked: function (targetElement, ownerDoc) {
+    var reason = 'phishing';
+    if (/e=malwareBlocked/.test(ownerDoc.documentURI)) {
+      reason = 'malware';
+    } else if (/e=unwantedBlocked/.test(ownerDoc.documentURI)) {
+      reason = 'unwanted';
+    }
     sendAsyncMessage("Browser:SiteBlockedError", {
       location: ownerDoc.location.href,
-      isMalware: /e=malwareBlocked/.test(ownerDoc.documentURI),
+      reason: reason,
       elementId: targetElement.getAttribute("id"),
       isTopFrame: (ownerDoc.defaultView.parent === ownerDoc.defaultView)
     });

browser/components/safebrowsing/content/test/browser_bug400731.js

@@ -34,6 +34,25 @@ function testMalware(event) {
   var style = content.getComputedStyle(el, null);
   is(style.display, "inline-block", "Ignore Warning button should be display:inline-block for malware");
   
+  // Now launch the unwanted software test
+  window.addEventListener("DOMContentLoaded", testUnwanted, true);
+  content.location = "http://www.itisatrap.org/firefox/unwanted.html";
+}
+
+function testUnwanted(event) {
+  if (event.target != gBrowser.selectedBrowser.contentDocument) {
+    return;
+  }
+
+  window.removeEventListener("DOMContentLoaded", testUnwanted, true);
+
+  // Confirm that "Ignore this warning" is visible - bug 422410
+  var el = content.document.getElementById("ignoreWarningButton");
+  ok(el, "Ignore warning button should be present for unwanted software");
+
+  var style = content.getComputedStyle(el, null);
+  is(style.display, "inline-block", "Ignore Warning button should be display:inline-block for unwanted software");
+
   // Now launch the phishing test
   window.addEventListener("DOMContentLoaded", testPhishing, true);
   content.location = "http://www.itisatrap.org/firefox/its-a-trap.html";

browser/components/safebrowsing/content/test/head.js

@@ -1,5 +1,5 @@
 // Force SafeBrowsing to be initialized for the tests
-Services.prefs.setCharPref("urlclassifier.malwareTable", "test-malware-simple");
+Services.prefs.setCharPref("urlclassifier.malwareTable", "test-malware-simple,test-unwanted-simple");
 Services.prefs.setCharPref("urlclassifier.phishTable", "test-phish-simple");
 SafeBrowsing.init();
 

browser/locales/en-US/chrome/browser/browser.properties

@@ -398,6 +398,7 @@ safebrowsing.notAForgeryButton.accessKey=F
 safebrowsing.reportedAttackSite=Reported Attack Site!
 safebrowsing.notAnAttackButton.label=This isn't an attack site…
 safebrowsing.notAnAttackButton.accessKey=A
+safebrowsing.reportedUnwantedSite=Reported Unwanted Software Site!
 
 # Ctrl-Tab
 # LOCALIZATION NOTE (ctrlTab.listAllTabs.label): #1 represents the number

browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd

@@ -12,6 +12,11 @@
 <!ENTITY safeb.blocked.malwarePage.shortDesc "This web page at <span id='malware_sitename'/> has been reported as an attack page and has been blocked based on your security preferences.">
 <!ENTITY safeb.blocked.malwarePage.longDesc "<p>Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.</p><p>Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.</p>">
 
+<!ENTITY safeb.blocked.unwantedPage.title "Reported Unwanted Software Page!">
+<!-- Localization note (safeb.blocked.malware.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag.  It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
+<!ENTITY safeb.blocked.unwantedPage.shortDesc "This web page at <span id='unwanted_sitename'/> has been reported to contain unwanted software and has been blocked based on your security preferences.">
+<!ENTITY safeb.blocked.unwantedPage.longDesc "<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>">
+
 <!ENTITY safeb.blocked.phishingPage.title "Reported Web Forgery!">
 <!-- Localization note (safeb.blocked.phishing.shortDesc) - Please don't translate the contents of the <span id="phishing_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
 <!ENTITY safeb.blocked.phishingPage.shortDesc "This web page at <span id='phishing_sitename'/> has been reported as a web forgery and has been blocked based on your security preferences.">

browser/locales/en-US/chrome/overrides/appstrings.properties

@@ -30,6 +30,7 @@ externalProtocolUnknown=<Unknown>
 externalProtocolChkMsg=Remember my choice for all links of this type.
 externalProtocolLaunchBtn=Launch application
 malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
+unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
 phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
 cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
 corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.

browser/locales/en-US/chrome/overrides/netError.dtd

@@ -164,6 +164,11 @@ be temporary, and you can try again later.</li>
 <p>Website owners who believe their site has been reported as an attack site in error may <a href='http://www.stopbadware.org/home/reviewinfo' >request a review</a>.</p>
 ">
 
+<!ENTITY unwantedBlocked.title "Suspected Unwanted Software Site!">
+<!ENTITY unwantedBlocked.longDesc "
+<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>
+">
+
 <!ENTITY phishingBlocked.title "Suspected Web Forgery!">
 <!ENTITY phishingBlocked.longDesc "
 <p>Entering any personal information on this page may result in identity theft or other fraud.</p>

browser/metro/base/content/contenthandlers/Content.js

@@ -341,20 +341,15 @@ let Content = {
       }
     } else if (/^about:blocked/.test(errorDoc.documentURI)) {
       // The event came from a button on a malware/phishing block page
-      // First check whether it's malware or phishing, so that we can
-      // use the right strings/links.
-      let isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
     
       if (ot == errorDoc.getElementById("getMeOutButton")) {
         sendAsyncMessage("Browser:BlockedSite",
                          { url: errorDoc.location.href, action: "leave" });
       } else if (ot == errorDoc.getElementById("reportButton")) {
-        // This is the "Why is this site blocked" button.  For malware,
+        // This is the "Why is this site blocked" button. We redirect
-        // we can fetch a site-specific report, for phishing, we redirect
+        // to the generic page describing phishing/malware protection.
-        // to the generic page describing phishing protection.
-        let action = isMalware ? "report-malware" : "report-phishing";
         sendAsyncMessage("Browser:BlockedSite",
-                         { url: errorDoc.location.href, action: action });
+                         { url: errorDoc.location.href, action: "report-phishing" });
       } else if (ot == errorDoc.getElementById("ignoreWarningButton")) {
         // Allow users to override and continue through to the site,
         // but add a notify bar as a reminder, so that they don't lose

docshell/base/nsDocShell.cpp

@@ -5087,7 +5087,8 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
       }
     }
   } else if (NS_ERROR_PHISHING_URI == aError ||
-             NS_ERROR_MALWARE_URI == aError) {
+             NS_ERROR_MALWARE_URI == aError ||
+             NS_ERROR_UNWANTED_URI == aError) {
     nsAutoCString host;
     aURI->GetHost(host);
     CopyUTF8toUTF16(host, formatStrs[0]);
@@ -5106,14 +5107,19 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
       error.AssignLiteral("phishingBlocked");
       bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_PHISHING_PAGE_FRAME
                            : nsISecurityUITelemetry::WARNING_PHISHING_PAGE_TOP;
-    } else {
+    } else if (NS_ERROR_MALWARE_URI == aError) {
       error.AssignLiteral("malwareBlocked");
       bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_MALWARE_PAGE_FRAME
                            : nsISecurityUITelemetry::WARNING_MALWARE_PAGE_TOP;
+    } else {
+      error.AssignLiteral("unwantedBlocked");
+      bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_UNWANTED_PAGE_FRAME
+                           : nsISecurityUITelemetry::WARNING_UNWANTED_PAGE_TOP;
     }
 
-    if (errorPage.EqualsIgnoreCase("blocked"))
+    if (errorPage.EqualsIgnoreCase("blocked")) {
       Telemetry::Accumulate(Telemetry::SECURITY_UI, bucketId);
+    }
 
     cssClass.AssignLiteral("blacklist");
   } else if (NS_ERROR_CONTENT_CRASHED == aError) {
@@ -7824,6 +7830,7 @@ nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
              aStatus == NS_ERROR_OFFLINE ||
              aStatus == NS_ERROR_MALWARE_URI ||
              aStatus == NS_ERROR_PHISHING_URI ||
+             aStatus == NS_ERROR_UNWANTED_URI ||
              aStatus == NS_ERROR_UNSAFE_CONTENT_TYPE ||
              aStatus == NS_ERROR_REMOTE_XUL ||
              aStatus == NS_ERROR_OFFLINE ||

docshell/resources/content/netError.xhtml

@@ -291,6 +291,7 @@
         <h1 id="et_nssFailure2">&nssFailure2.title;</h1>
         <h1 id="et_nssBadCert">&nssBadCert.title;</h1>
         <h1 id="et_malwareBlocked">&malwareBlocked.title;</h1>
+        <h1 id="et_unwantedBlocked">&unwantedBlocked.title;</h1>
         <h1 id="et_cspBlocked">&cspBlocked.title;</h1>
         <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
         <h1 id="et_corruptedContentError">&corruptedContentError.title;</h1>
@@ -317,6 +318,7 @@
         <div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
         <div id="ed_nssBadCert">&nssBadCert.longDesc2;</div>
         <div id="ed_malwareBlocked">&malwareBlocked.longDesc;</div>
+        <div id="ed_unwantedBlocked">&unwantedBlocked.longDesc;</div>
         <div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
         <div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
         <div id="ed_corruptedContentError">&corruptedContentError.longDesc;</div>

dom/browser-element/BrowserElementChildPreload.js

@@ -1292,6 +1292,9 @@ BrowserElementChild.prototype = {
           case Cr.NS_ERROR_MALWARE_URI :
             sendAsyncMsg('error', { type: 'malwareBlocked' });
             return;
+          case Cr.NS_ERROR_UNWANTED_URI :
+            sendAsyncMsg('error', { type: 'unwantedBlocked' });
+            return;
 
           case Cr.NS_ERROR_OFFLINE :
             sendAsyncMsg('error', { type: 'offline' });

dom/locales/en-US/chrome/appstrings.properties

@@ -29,6 +29,7 @@ externalProtocolUnknown=<Unknown>
 externalProtocolChkMsg=Remember my choice for all links of this type.
 externalProtocolLaunchBtn=Launch application
 malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
+unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
 phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
 cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
 corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.

dom/locales/en-US/chrome/netError.dtd

@@ -81,6 +81,11 @@
 <p>Website owners who believe their site has been reported as an attack site in error may <a href='http://www.stopbadware.org/home/reviewinfo' >request a review</a>.</p>
 ">
 
+<!ENTITY unwantedBlocked.title "Suspected Unwanted Software Site!">
+<!ENTITY unwantedBlocked.longDesc "
+<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>
+">
+
 <!ENTITY phishingBlocked.title "Suspected Web Forgery!">
 <!ENTITY phishingBlocked.longDesc "
 <p>Entering any personal information on this page may result in identity theft or other fraud.</p>

mobile/android/chrome/content/blockedSite.xhtml

@@ -80,6 +80,9 @@
           case "phishingBlocked" :
             initPage_phishing();
             break;
+          case "unwantedBlocked" :
+            initPage_unwanted();
+            break;
         }
       }        
       
@@ -88,15 +91,21 @@
        */
       function initPage_malware()
       {
-        // Remove phishing strings
+        // Remove phishing/unwanted strings
         var el = document.getElementById("errorTitleText_phishing");
         el.parentNode.removeChild(el);
+        el = document.getElementById("errorTitleText_unwanted");
+        el.parentNode.removeChild(el);
 
         el = document.getElementById("errorShortDescText_phishing");
         el.parentNode.removeChild(el);
+        el = document.getElementById("errorShortDescText_unwanted");
+        el.parentNode.removeChild(el);
 
         el = document.getElementById("errorLongDescText_phishing");
         el.parentNode.removeChild(el);
+        el = document.getElementById("errorLongDescText_unwanted");
+        el.parentNode.removeChild(el);
 
         // Set sitename
         document.getElementById("malware_sitename").textContent = getHostString();
@@ -109,19 +118,53 @@
        */
       function initPage_phishing()
       {
-        // Remove malware strings
+        // Remove malware/unwanted strings
         var el = document.getElementById("errorTitleText_malware");
         el.parentNode.removeChild(el);
+        el = document.getElementById("errorTitleText_unwanted");
+        el.parentNode.removeChild(el);
 
         el = document.getElementById("errorShortDescText_malware");
         el.parentNode.removeChild(el);
+        el = document.getElementById("errorShortDescText_unwanted");
+        el.parentNode.removeChild(el);
 
         el = document.getElementById("errorLongDescText_malware");
         el.parentNode.removeChild(el);
+        el = document.getElementById("errorLongDescText_unwanted");
+        el.parentNode.removeChild(el);
 
         document.title = document.getElementById("errorTitleText_phishing")
                                  .innerHTML;
       }
+
+      /**
+       * Initialize custom strings and functionality for blocked unwanted
+       * software case
+       */
+      function initPage_unwanted()
+      {
+        // Remove malware/phishing strings
+        var el = document.getElementById("errorTitleText_malware");
+        el.parentNode.removeChild(el);
+        el = document.getElementById("errorTitleText_phishing");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorShortDescText_malware");
+        el.parentNode.removeChild(el);
+        el = document.getElementById("errorShortDescText_phishing");
+        el.parentNode.removeChild(el);
+
+        el = document.getElementById("errorLongDescText_malware");
+        el.parentNode.removeChild(el);
+        el = document.getElementById("errorLongDescText_phishing");
+        el.parentNode.removeChild(el);
+
+        // Set sitename
+        document.getElementById("unwanted_sitename").textContent = getHostString();
+        document.title = document.getElementById("errorTitleText_unwanted")
+                                 .innerHTML;
+      }
     ]]></script>
   </head>
 
@@ -133,6 +176,7 @@
       <div id="errorTitle">
         <h1 id="errorTitleText_phishing" class="errorTitleText">&safeb.blocked.phishingPage.title2;</h1>
         <h1 id="errorTitleText_malware" class="errorTitleText">&safeb.blocked.malwarePage.title;</h1>
+        <h1 id="errorTitleText_unwanted" class="errorTitleText">&safeb.blocked.unwantedPage.title;</h1>
       </div>
 
       <div id="errorLongContent">
@@ -141,12 +185,14 @@
         <div id="errorShortDesc">
           <p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc2;</p>
           <p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>
+          <p id="errorShortDescText_unwanted">&safeb.blocked.unwantedPage.shortDesc;</p>
         </div>
 
         <!-- Long Description -->
         <div id="errorLongDesc">
           <p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc2;</p>
           <p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
+          <p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
         </div>
         
         <!-- Action buttons -->

mobile/android/chrome/content/browser.js

@@ -5547,10 +5547,14 @@ var ErrorPageEventHandler = {
           }
         } else if (errorDoc.documentURI.startsWith("about:blocked")) {
           // The event came from a button on a malware/phishing block page
-          // First check whether it's malware or phishing, so that we can
+          // First check whether it's malware, phishing or unwanted, so that we
-          // use the right strings/links
+          // can use the right strings/links
-          let isMalware = errorDoc.documentURI.contains("e=malwareBlocked");
+          let bucketName = "WARNING_PHISHING_PAGE_";
-          let bucketName = isMalware ? "WARNING_MALWARE_PAGE_" : "WARNING_PHISHING_PAGE_";
+          if (errorDoc.documentURI.contains("e=malwareBlocked")) {
+            bucketName = "WARNING_MALWARE_PAGE_";
+          } else if (errorDoc.documentURI.contains("e=unwantedBlocked")) {
+            bucketName = "WARNING_UNWANTED_PAGE_";
+          }
           let nsISecTel = Ci.nsISecurityUITelemetry;
           let isIframe = (errorDoc.defaultView.parent === errorDoc.defaultView);
           bucketName += isIframe ? "TOP_" : "FRAME_";
@@ -5565,23 +5569,10 @@ var ErrorPageEventHandler = {
             // the measurement is for how many users clicked the WHY BLOCKED button
             Telemetry.addData("SECURITY_UI", nsISecTel[bucketName + "WHY_BLOCKED"]);
 
-            // This is the "Why is this site blocked" button.  For malware,
+            // This is the "Why is this site blocked" button. We redirect
-            // we can fetch a site-specific report, for phishing, we redirect
+            // to the generic page describing phishing/malware protection.
-            // to the generic page describing phishing protection.
+            let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
-            if (isMalware) {
+            BrowserApp.selectedBrowser.loadURI(url + "phishing-malware");
-              // Get the stop badware "why is this blocked" report url, append the current url, and go there.
-              try {
-                let reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL");
-                reportURL += errorDoc.location.href;
-                BrowserApp.selectedBrowser.loadURI(reportURL);
-              } catch (e) {
-                Cu.reportError("Couldn't get malware report URL: " + e);
-              }
-            } else {
-              // It's a phishing site, just link to the generic information page
-              let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
-              BrowserApp.selectedBrowser.loadURI(url + "phishing-malware");
-            }
           } else if (target == errorDoc.getElementById("ignoreWarningButton")) {
             Telemetry.addData("SECURITY_UI", nsISecTel[bucketName + "IGNORE_WARNING"]);
 

mobile/android/locales/en-US/chrome/phishing.dtd

@@ -15,3 +15,8 @@
 <!ENTITY safeb.blocked.phishingPage.title2 "Suspected Web Forgery!">
 <!ENTITY safeb.blocked.phishingPage.shortDesc2 "Entering any personal information on this page may result in identity theft or other fraud.">
 <!ENTITY safeb.blocked.phishingPage.longDesc2 "<p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>">
+
+<!ENTITY safeb.blocked.unwantedPage.title "Reported Unwanted Software Site!">
+<!-- Localization note (safeb.blocked.unwanted.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag.  It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
+<!ENTITY safeb.blocked.unwantedPage.shortDesc "This web page at <span id='unwanted_sitename'/> has been reported to contain unwanted software and has been blocked based on your security preferences.">
+<!ENTITY safeb.blocked.unwantedPage.longDesc "Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.">

mobile/locales/en-US/overrides/appstrings.properties

@@ -31,6 +31,7 @@ externalProtocolChkMsg=Remember my choice for all links of this type.
 externalProtocolLaunchBtn=Launch application
 malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
 phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
+unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
 cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
 corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.
 remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.

modules/libpref/init/all.js

@@ -4477,11 +4477,11 @@ pref("dom.inter-app-communication-api.enabled", false);
 pref("dom.mapped_arraybuffer.enabled", false);
 
 // The tables used for Safebrowsing phishing and malware checks.
-pref("urlclassifier.malwareTable", "goog-malware-shavar,test-malware-simple");
+pref("urlclassifier.malwareTable", "goog-malware-shavar,goog-unwanted-shavar,test-malware-simple,test-unwanted-simple");
 pref("urlclassifier.phishTable", "goog-phish-shavar,test-phish-simple");
 pref("urlclassifier.downloadBlockTable", "");
 pref("urlclassifier.downloadAllowTable", "");
-pref("urlclassifier.disallow_completions", "test-malware-simple,test-phish-simple,goog-downloadwhite-digest256,mozpub-track-digest256");
+pref("urlclassifier.disallow_completions", "test-malware-simple,test-phish-simple,test-unwanted-simple,goog-downloadwhite-digest256,mozpub-track-digest256");
 
 // The table and update/gethash URLs for Safebrowsing phishing and malware
 // checks.

security/manager/boot/public/nsISecurityUITelemetry.idl

@@ -6,7 +6,7 @@
 
 #include "nsISupports.idl"
 
-[scriptable, uuid(f7259bf4-1f2b-4e9e-8983-1978cc076fa1)]
+[scriptable, uuid(56e190a0-2802-4fc4-b09f-bcda357035c3)]
 
 interface nsISecurityUITelemetry : nsISupports {
 
@@ -141,6 +141,17 @@ const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE = 84;
 const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
 const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2;
 const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4;
-// This uses up buckets till 91 (including)
+
+// Another Safe Browsing list (like malware & phishing above)
+const uint32_t WARNING_UNWANTED_PAGE_TOP = 92;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_WHY_BLOCKED = 93;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_GET_ME_OUT_OF_HERE = 94;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_IGNORE_WARNING = 95;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME = 96;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_WHY_BLOCKED = 97;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_GET_ME_OUT_OF_HERE = 98;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_IGNORE_WARNING = 99;
+
+// This uses up buckets till 99 (including)
 // We only have buckets up to 100.
 };

toolkit/components/url-classifier/SafeBrowsing.jsm

@@ -199,8 +199,9 @@ this.SafeBrowsing = {
   addMozEntries: function() {
     // Add test entries to the DB.
     // XXX bug 779008 - this could be done by DB itself?
-    const phishURL   = "itisatrap.org/firefox/its-a-trap.html";
+    const phishURL    = "itisatrap.org/firefox/its-a-trap.html";
-    const malwareURL = "itisatrap.org/firefox/its-an-attack.html";
+    const malwareURL  = "itisatrap.org/firefox/its-an-attack.html";
+    const unwantedURL = "itisatrap.org/firefox/unwanted.html";
 
     let update = "n:1000\ni:test-malware-simple\nad:1\n" +
                  "a:1:32:" + malwareURL.length + "\n" +
@@ -208,6 +209,9 @@ this.SafeBrowsing = {
     update += "n:1000\ni:test-phish-simple\nad:1\n" +
               "a:1:32:" + phishURL.length + "\n" +
               phishURL;
+    update += "n:1000\ni:test-unwanted-simple\nad:1\n" +
+              "a:1:32:" + unwantedURL.length + "\n" +
+              unwantedURL;
     log("addMozEntries:", update);
 
     let db = Cc["@mozilla.org/url-classifier/dbservice;1"].
@@ -222,7 +226,7 @@ this.SafeBrowsing = {
     };
 
     try {
-      db.beginUpdate(dummyListener, "test-malware-simple,test-phish-simple", "");
+      db.beginUpdate(dummyListener, "test-malware-simple,test-phish-simple,test-unwanted-simple", "");
       db.beginStream("", "");
       db.updateStream(update);
       db.finishStream();

toolkit/components/url-classifier/nsUrlClassifierDBService.cpp

@@ -188,6 +188,9 @@ TablesToResponse(const nsACString& tables)
   if (FindInReadable(NS_LITERAL_CSTRING("-track-"), tables)) {
     return NS_ERROR_TRACKING_URI;
   }
+  if (FindInReadable(NS_LITERAL_CSTRING("-unwanted-"), tables)) {
+    return NS_ERROR_UNWANTED_URI;
+  }
   return NS_OK;
 }
 

toolkit/components/url-classifier/tests/mochitest/classifierFrame.html

@@ -33,8 +33,8 @@ function checkLoads() {
 <!-- Try loading from a malware javascript URI -->
 <script type="text/javascript" src="http://malware.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js"></script>
 
-<!-- Try loading from a malware css URI -->
+<!-- Try loading from an uwanted software css URI -->
-<link rel="stylesheet" type="text/css" href="http://malware.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.css"></link>
+<link rel="stylesheet" type="text/css" href="http://unwanted.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.css"></link>
 
 <!-- XXX How is this part of the test supposed to work (= be checked)? -->
 <!-- Try loading a marked-as-malware css through an @import from a clean URI -->

toolkit/components/url-classifier/tests/mochitest/mochitest.ini

@@ -9,6 +9,7 @@ support-files =
   import.css
   raptor.jpg
   track.html
+  unwantedWorker.js
   workerFrame.html
 
 [test_classifier.html]

toolkit/components/url-classifier/tests/mochitest/test_classifier.html

@@ -24,6 +24,12 @@ var testUpdate =
   "a:524:32:" + testData.length + "\n" +
   testData;
 
+testData = "unwanted.example.com/";
+testUpdate +=
+  "n:1000\ni:test-unwanted-simple\nad:1\n" +
+  "a:524:32:" + testData.length + "\n" +
+  testData;
+
 var dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
                 .getService(Ci.nsIUrlClassifierDBService);
 
@@ -55,7 +61,7 @@ function doUpdate(update) {
     }
   };
 
-  dbService.beginUpdate(listener, "test-malware-simple", "");
+  dbService.beginUpdate(listener, "test-malware-simple,test-unwanted-simple", "");
   dbService.beginStream("", "");
   dbService.updateStream(update);
   dbService.finishStream();
@@ -63,7 +69,7 @@ function doUpdate(update) {
 }
 
 SpecialPowers.pushPrefEnv(
-  {"set" : [["urlclassifier.malwareTable", "test-malware-simple"],
+  {"set" : [["urlclassifier.malwareTable", "test-malware-simple,test-unwanted-simple"],
             ["urlclassifier.phishTable", "test-phish-simple"]]},
   function() { doUpdate(testUpdate); });
 

toolkit/components/url-classifier/tests/mochitest/test_classifier_worker.html

@@ -23,6 +23,12 @@ var testUpdate =
   "a:550:32:" + testData.length + "\n" +
   testData;
 
+testData = "example.com/tests/toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js";
+testUpdate +=
+  "n:1000\ni:test-unwanted-simple\nad:550\n" +
+  "a:550:32:" + testData.length + "\n" +
+  testData;
+
 var dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
                 .getService(Ci.nsIUrlClassifierDBService);
 
@@ -54,7 +60,7 @@ function doUpdate(update) {
     }
   };
 
-  dbService.beginUpdate(listener, "test-malware-simple", "");
+  dbService.beginUpdate(listener, "test-malware-simple,test-unwanted-simple", "");
   dbService.beginStream("", "");
   dbService.updateStream(update);
   dbService.finishStream();
@@ -73,7 +79,7 @@ function onmessage(event)
 }
 
 SpecialPowers.pushPrefEnv(
-  {"set" : [["urlclassifier.malwareTable", "test-malware-simple"],
+  {"set" : [["urlclassifier.malwareTable", "test-malware-simple,test-unwanted-simple"],
             ["urlclassifier.phishTable", "test-phish-simple"]]},
   function() { doUpdate(testUpdate); });
 

toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js

@@ -0,0 +1,3 @@
+onmessage = function() {
+  postMessage("loaded bad file");
+}

toolkit/components/url-classifier/tests/mochitest/workerFrame.html

@@ -29,11 +29,27 @@ function startEvilWorker() {
 
   worker.onmessage = function(event) {
     window.parent.postMessage("failure:failed to block evilWorker.js", "*");
-    startCleanWorker();
+    startUnwantedWorker();
   };
 
   worker.onerror = function(event) {
     window.parent.postMessage("success:blocked evilWorker.js", "*");
+    startUnwantedWorker();
+  };
+
+  worker.postMessage("");
+}
+
+function startUnwantedWorker() {
+  var worker = new Worker("unwantedWorker.js");
+
+  worker.onmessage = function(event) {
+    window.parent.postMessage("failure:failed to block unwantedWorker.js", "*");
+    startCleanWorker();
+  };
+
+  worker.onerror = function(event) {
+    window.parent.postMessage("success:blocked unwantedWorker.js", "*");
     startCleanWorker();
   };
 

toolkit/components/url-classifier/tests/unit/head_urlclassifier.js

@@ -53,15 +53,18 @@ function cleanUp() {
   delFile("safebrowsing/classifier.hashkey");
   delFile("safebrowsing/test-phish-simple.sbstore");
   delFile("safebrowsing/test-malware-simple.sbstore");
+  delFile("safebrowsing/test-unwanted-simple.sbstore");
   delFile("safebrowsing/test-phish-simple.cache");
   delFile("safebrowsing/test-malware-simple.cache");
+  delFile("safebrowsing/test-unwanted-simple.cache");
   delFile("safebrowsing/test-phish-simple.pset");
   delFile("safebrowsing/test-malware-simple.pset");
+  delFile("safebrowsing/test-unwanted-simple.pset");
   delFile("testLarge.pset");
   delFile("testNoDelta.pset");
 }
 
-var allTables = "test-phish-simple,test-malware-simple";
+var allTables = "test-phish-simple,test-malware-simple,test-unwanted-simple";
 
 var dbservice = Cc["@mozilla.org/url-classifier/dbservice;1"].getService(Ci.nsIUrlClassifierDBService);
 var streamUpdater = Cc["@mozilla.org/url-classifier/streamupdater;1"]
@@ -114,6 +117,10 @@ function buildMalwareUpdate(chunks, hashSize) {
   return buildUpdate({"test-malware-simple" : chunks}, hashSize);
 }
 
+function buildUnwantedUpdate(chunks, hashSize) {
+  return buildUpdate({"test-unwanted-simple" : chunks}, hashSize);
+}
+
 function buildBareUpdate(chunks, hashSize) {
   return buildUpdate({"" : chunks}, hashSize);
 }
@@ -138,7 +145,7 @@ function doSimpleUpdate(updateText, success, failure) {
   };
 
   dbservice.beginUpdate(listener,
-                        "test-phish-simple,test-malware-simple");
+                        "test-phish-simple,test-malware-simple,test-unwanted-simple");
   dbservice.beginStream("", "");
   dbservice.updateStream(updateText);
   dbservice.finishStream();
@@ -180,7 +187,7 @@ function doStreamUpdate(updateText, success, failure, downloadFailure) {
     downloadFailure = failure;
   }
 
-  streamUpdater.downloadUpdates("test-phish-simple,test-malware-simple", "",
+  streamUpdater.downloadUpdates("test-phish-simple,test-malware-simple,test-unwanted-simple", "",
                                 dataUpdate, success, failure, downloadFailure);
 }
 
@@ -237,6 +244,11 @@ malwareUrlsExist: function(urls, cb)
   this.checkUrls(urls, 'test-malware-simple', cb);
 },
 
+unwantedUrlsExist: function(urls, cb)
+{
+  this.checkUrls(urls, 'test-unwanted-simple', cb);
+},
+
 subsDontExist: function(urls, cb)
 {
   // XXX: there's no interface for checking items in the subs table

toolkit/components/url-classifier/tests/unit/test_dbservice.js

@@ -47,18 +47,20 @@ var chunk6Urls = [
   ];
 var chunk6 = chunk6Urls.join("\n");
 
-// we are going to add chunks 1, 2, 4, 5, and 6 to phish-simple, and
+// we are going to add chunks 1, 2, 4, 5, and 6 to phish-simple,
-// chunk 2 to malware-simple.  Then we'll remove the urls in chunk3
+// chunk 2 to malware-simple and chunk 3 to unwanted-simple.
-// from phish-simple, then expire chunk 1 and chunks 4-6 from
+// Then we'll remove the urls in chunk3 from phish-simple, then
-// phish-simple.
+// expire chunk 1 and chunks 4-6 from phish-simple.
 var phishExpected = {};
 var phishUnexpected = {};
 var malwareExpected = {};
+var unwantedExpected = {};
 for (var i = 0; i < chunk2Urls.length; i++) {
   phishExpected[chunk2Urls[i]] = true;
   malwareExpected[chunk2Urls[i]] = true;
 }
 for (var i = 0; i < chunk3Urls.length; i++) {
+  unwantedExpected[chunk3Urls[i]] = true;
   delete phishExpected[chunk3Urls[i]];
   phishUnexpected[chunk3Urls[i]] = true;
 }
@@ -115,7 +117,7 @@ function tablesCallbackWithoutSub(tables)
   // there's a leading \n here because splitting left an empty string
   // after the trailing newline, which will sort first
   do_check_eq(parts.join("\n"),
-              "\ntest-malware-simple;a:1\ntest-phish-simple;a:2");
+              "\ntest-malware-simple;a:1\ntest-phish-simple;a:2\ntest-unwanted-simple;a:1");
 
   checkNoHost();
 }
@@ -133,7 +135,7 @@ function tablesCallbackWithSub(tables)
   // there's a leading \n here because splitting left an empty string
   // after the trailing newline, which will sort first
   do_check_eq(parts.join("\n"),
-              "\ntest-malware-simple;a:1\ntest-phish-simple;a:2:s:3");
+              "\ntest-malware-simple;a:1\ntest-phish-simple;a:2:s:3\ntest-unwanted-simple;a:1");
 
   // verify that expiring a sub chunk removes its name from the list
   var data =
@@ -182,6 +184,16 @@ function malwareExists(result) {
   }
 }
 
+function unwantedExists(result) {
+  dumpn("unwantedExists: " + result);
+
+  try {
+    do_check_true(result.indexOf("test-unwanted-simple") != -1);
+  } finally {
+    checkDone();
+  }
+}
+
 function checkState()
 {
   numExpecting = 0;
@@ -203,6 +215,12 @@ function checkState()
     dbservice.lookup(principal, allTables, malwareExists, true);
     numExpecting++;
   }
+
+  for (var key in unwantedExpected) {
+    var principal = secMan.getNoAppCodebasePrincipal(iosvc.newURI("http://" + key, null, null));
+    dbservice.lookup(principal, allTables, unwantedExists, true);
+    numExpecting++;
+  }
 }
 
 function testSubSuccess(result)
@@ -249,7 +267,10 @@ function do_adds() {
     chunk6 + "\n" +
     "i:test-malware-simple\n" +
     "a:1:32:" + chunk2.length + "\n" +
-      chunk2 + "\n";
+      chunk2 + "\n" +
+    "i:test-unwanted-simple\n" +
+    "a:1:32:" + chunk3.length + "\n" +
+      chunk3 + "\n";
 
   doSimpleUpdate(data, testAddSuccess, testFailure);
 }

toolkit/components/url-classifier/tests/unit/test_streamupdater.js

@@ -131,6 +131,7 @@ function testMultipleTables() {
   var add1Urls = [ "foo-multiple.com/a", "bar-multiple.com/c" ];
   var add2Urls = [ "foo-multiple.com/b" ];
   var add3Urls = [ "bar-multiple.com/d" ];
+  var add4Urls = [ "bar-multiple.com/e" ];
 
   var update = "n:1000\n";
   update += "i:test-phish-simple\n";
@@ -152,10 +153,17 @@ function testMultipleTables() {
        "urls" : add3Urls }]);
   update += "u:data:," + encodeURIComponent(update3) + "\n";
 
+  update += "i:test-unwanted-simple\n";
+  var update4 = buildBareUpdate(
+    [{ "chunkNum" : 4,
+       "urls" : add4Urls }]);
+  update += "u:data:," + encodeURIComponent(update4) + "\n";
+
   var assertions = {
-    "tableData" : "test-malware-simple;a:3\ntest-phish-simple;a:1-2",
+    "tableData" : "test-malware-simple;a:3\ntest-phish-simple;a:1-2\ntest-unwanted-simple;a:4",
     "urlsExist" : add1Urls.concat(add2Urls),
-    "malwareUrlsExist" : add3Urls
+    "malwareUrlsExist" : add3Urls,
+    "unwantedUrlsExist" : add4Urls
   };
 
   doTest([update], assertions, false);

toolkit/components/viewsource/content/viewSource.js

@@ -242,33 +242,15 @@ function onClickContent(event) {
 
   if (/^about:blocked/.test(errorDoc.documentURI)) {
     // The event came from a button on a malware/phishing block page
-    // First check whether it's malware or phishing, so that we can
-    // use the right strings/links
-    var isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
 
     if (target == errorDoc.getElementById('getMeOutButton')) {
       // Instead of loading some safe page, just close the window
       window.close();
     } else if (target == errorDoc.getElementById('reportButton')) {
-      // This is the "Why is this site blocked" button.  For malware,
+      // This is the "Why is this site blocked" button. We redirect
-      // we can fetch a site-specific report, for phishing, we redirect
+      // to the generic page describing phishing/malware protection.
-      // to the generic page describing phishing protection.
+      let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
-
+      openURL(url + "phishing-malware");
-      if (isMalware) {
-        // Get the stop badware "why is this blocked" report url,
-        // append the current url, and go there.
-        try {
-          let reportURL = Services.urlFormatter.formatURLPref("browser.safebrowsing.malware.reportURL", true);
-          reportURL += errorDoc.location.href.slice(12);
-          openURL(reportURL);
-        } catch (e) {
-          Components.utils.reportError("Couldn't get malware report URL: " + e);
-        }
-      } else {
-        // It's a phishing site, just link to the generic information page
-        let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
-        openURL(url + "phishing-malware");
-      }
     } else if (target == errorDoc.getElementById('ignoreWarningButton')) {
       // Allow users to override and continue through to the site
       gBrowser.loadURIWithFlags(content.location.href,

webapprt/locales/en-US/webapprt/overrides/appstrings.properties

@@ -29,6 +29,7 @@ externalProtocolUnknown=<Unknown>
 externalProtocolChkMsg=Remember my choice for all links of this type.
 externalProtocolLaunchBtn=Launch application
 malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
+unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
 phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
 cspBlocked=This application tried to access a resource that has a content security policy that prevents it from being loaded in this way.
 corruptedContentError=The application cannot continue loading because an error in the data transmission was detected.

xpcom/base/ErrorList.h

@@ -678,6 +678,7 @@
   ERROR(NS_ERROR_MALWARE_URI,           FAILURE(30)),
   ERROR(NS_ERROR_PHISHING_URI,          FAILURE(31)),
   ERROR(NS_ERROR_TRACKING_URI,          FAILURE(34)),
+  ERROR(NS_ERROR_UNWANTED_URI,          FAILURE(35)),
   /* Used when "Save Link As..." doesn't see the headers quickly enough to
    * choose a filename.  See nsContextMenu.js. */
   ERROR(NS_ERROR_SAVE_LINK_AS_TIMEOUT,  FAILURE(32)),