Closed Bug 1644877 Opened 1 year ago Closed 1 year ago

Mark DER files as executable/dangerous

Categories

(Firefox :: File Handling, defect, P1)

defect

Tracking

()

RESOLVED FIXED
Firefox 79
Tracking Status
firefox79 --- fixed

People

(Reporter: mkaply, Assigned: Gijs)

Details

Attachments

(1 file)

DER files should be on our executable list since CRT files are already there.

Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Flags: needinfo?(dlee)
Severity: -- → S3
Priority: -- → P1
Summary: Add DER to sExecutableExt list → Mark DER files as executable/dangerous

I failed to give background on this. Sorry about that.

In bug 1024871 we made it so that CRT/DER files no longer get added automatically to Firefox, they get downloaded.

The result of that now is that CRT and DER files behave differently from each other (at least on Windows).

CRT files are always forced to download because they are on the sExecutable list.

Because DER files are not on the list, you're offered to execute them via Windows.

Since CRT/DER files both have the same outcome and are the same mime type (application/x-x509-ca-cert), either both should be marked executable or neither should be marked executable.

There shouldn't be a difference between how the two are treated.

(In reply to :Gijs (he/him) from comment #1)

Dimi, should they be checked with appreputation? (see https://searchfox.org/mozilla-central/rev/4bb2401ecbfce89af06fb2b4d0ea3557682bd8ff/toolkit/components/reputationservice/ApplicationReputation.cpp#102-139 )

Yes, so it should be in sExecutableExts.

Flags: needinfo?(dlee)
Pushed by gijskruitbosch@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/feadc078cdf3
mark .der files as executable (just like .crt), r=dimi
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 79
You need to log in before you can comment on or make changes to this bug.