Mark DER files as executable/dangerous
Categories
(Firefox :: File Handling, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox79 | --- | fixed |
People
(Reporter: mkaply, Assigned: Gijs)
Details
Attachments
(1 file)
DER files should be on our executable list since CRT files are already there.
Assignee | ||
Comment 1•4 years ago
|
||
Dimi, should they be checked with appreputation? (see https://searchfox.org/mozilla-central/rev/4bb2401ecbfce89af06fb2b4d0ea3557682bd8ff/toolkit/components/reputationservice/ApplicationReputation.cpp#102-139 )
Assignee | ||
Updated•4 years ago
|
Reporter | ||
Comment 2•4 years ago
|
||
I failed to give background on this. Sorry about that.
In bug 1024871 we made it so that CRT/DER files no longer get added automatically to Firefox, they get downloaded.
The result of that now is that CRT and DER files behave differently from each other (at least on Windows).
CRT files are always forced to download because they are on the sExecutable list.
Because DER files are not on the list, you're offered to execute them via Windows.
Since CRT/DER files both have the same outcome and are the same mime type (application/x-x509-ca-cert), either both should be marked executable or neither should be marked executable.
There shouldn't be a difference between how the two are treated.
Comment 3•4 years ago
|
||
(In reply to :Gijs (he/him) from comment #1)
Dimi, should they be checked with appreputation? (see https://searchfox.org/mozilla-central/rev/4bb2401ecbfce89af06fb2b4d0ea3557682bd8ff/toolkit/components/reputationservice/ApplicationReputation.cpp#102-139 )
Yes, so it should be in sExecutableExts.
Assignee | ||
Comment 4•4 years ago
|
||
Comment 6•4 years ago
|
||
bugherder |
Description
•