Vulnerability: Phishers can bypass the Firefox Phishing Filter very easily
This is far too easy; the Firefox Phishing Filter can be disabled simply by adding an extra slash after the domain suffix.
The discovery is on Bugzilla, and a demonstration is mentioned in the comments. The URLs I tested with are two that are mentioned in the discussion:
triggers an alert
Does not trigger an alert
Note this comment:
"Firefox is the only browser that fails with this, Opera's latest compilation has corrected this issue and IE is immune."
I can confirm that both of the above URLs trigger a phishing alert in Internet Explorer. Firefox 126.96.36.199 only flags the first URL as a phishing page.
According to Bugzilla, the "fix" is something that needs to be done at Google's end. I note that there is discussion saying that things should be changed, but nothing to say that it has been changed, so I downloaded Firefox 188.8.131.52 to see what the situation is. Sure enough, the problem continues, so why is the bug closed as "resolved fixed"?
How can we trust a phishing filter that can be bypassed so easily? The simple answer is that we cannot.
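The extra-slash behaviour described above is what a blocklist lookup produces when it compares the URL as typed instead of a canonical form. The sketch below is an added example, not Firefox or Google code; it assumes a verbatim string comparison (the page does not say how the filter matches), and the hostnames, list entry and function names are constructed for illustration.

```javascript
// Added illustration: blocklist lookup with and without URL canonicalization.
// Hostnames and the list entry are constructed placeholders.

// Constructed blocklist, stored in canonical form: lowercase host + normalized path.
const BLOCKLIST = new Set(["phish.example/login/index.html"]);

// Assumed weak check: strip the scheme and compare the remainder verbatim.
function naiveLookup(rawUrl) {
  const withoutScheme = rawUrl.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  return BLOCKLIST.has(withoutScheme);
}

// Reduce a URL to the same form the blocklist entries are stored in.
function canonicalize(rawUrl) {
  const u = new URL(rawUrl);                    // lowercases the host, resolves "." and ".."
  const host = u.hostname.replace(/\.+$/, "");  // drop trailing dots on the host
  const path = u.pathname.replace(/\/{2,}/g, "/"); // collapse runs of slashes
  return host + path;
}

// Hardened check: canonicalize first, then look up.
function canonicalLookup(rawUrl) {
  try {
    return BLOCKLIST.has(canonicalize(rawUrl));
  } catch (e) {
    return false; // unparseable input is not on the list; callers may prefer to flag it
  }
}

// Constructed test inputs: the listed URL, slash variants of it, and an unlisted host.
const SAMPLES = [
  "http://phish.example/login/index.html",
  "http://phish.example//login/index.html",
  "HTTP://PHISH.EXAMPLE.//login///index.html",
  "http://safe.example//login/index.html",
];

function compare() {
  return SAMPLES.map((url) => ({
    url,
    naive: naiveLookup(url),
    canonical: canonicalLookup(url),
  }));
}

console.table(compare());
```

Canonicalization has to be applied identically when the list is built and when it is queried; normalizing only one side recreates the mismatch.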