1276070 - Mac: Default option for malicious URL should be save, not open

Status: RESOLVED DUPLICATE of bug 1270405

(Firefox :: File Handling, defect)

Description

[Matt Wobensmith [:mwobensmith][:matt:]]

1. With existing profile, go here: http://testsafebrowsing.appspot.com/

2. Under "Desktop Download Warnings" click on link in item #1.

3. Note the default option.

Results:

Windows: Save File
Linux: Cancel
Mac: Open

Expected:
Windows: Save File
Linux: Cancel
Mac: Save File


Not a regression. However, it seems that the safest option should always be the default.

Comment 1

[:Paolo Amadini]

When we show the dialog, we don't have a verdict on whether the file is dangerous yet.

If "open" is selected and the download turns out to be malware, it is not actually opened. We are redesigning the open dialogs as part of a larger project in bug 1270405, we'd like to do the right thing automatically in most cases and warn as soon as we detect a file as malware.

Comment 2

[Matt Wobensmith [:mwobensmith][:matt:]]

Can you tell me why the default is different on Mac vs Windows? That is part of the reason I filed this bug.

Comment 3

[:Paolo Amadini]

(In reply to Matt Wobensmith [:mwobensmith][:matt:] from comment #2)
> Can you tell me why the default is different on Mac vs Windows? That is part
> of the reason I filed this bug.

It's most probably due to the default configuration of the operating system for the file type. While the file is served as "application/octet-stream", it contains ASCII text. I guess we detect this and try to open the file with the default text editor on Mac to improve web compatibility.

It doesn't make sense to me that we don't do the same on Windows as well. We should sort this out while we rework the Content Handling code...