+++ This bug was initially created as a clone of Bug #1576616 +++
Build ID: 20200625152958
Update Channel: beta
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Testing performed using the latest Firefox 78.0 beta has shown that Java Web Start (.jnlp) files are still falsely being considered as executables. Therefore a scary warning window is shown to the end user each time a JNLP file is downloaded with the intent to execute it using the pre-installed Java Web Start launcher. To put it mildly, the user experience is just terrible.
For completeness, the warning message titled: Open Executable File?
"example.jnlp" is an executable file. Executable files may contain viruses or other malicious code that could harm your computer. Use caution when opening this file. Are you sure you want to launch "example.jnlp"?
We had reported this very same issue last year, ref. the following bugs:
- Bug 1576616 (RESOLVED FIXED) - Should not treat JNLP files as Executables (revert bug 1392955) on ESR-68
  - The bug I had created last year for the same issue
  - Linked to base bug 1392955 by Mozilla
  - Reused to revert the security fix as of Firefox ESR 68.2, restoring the 'user friendly' behavior for EBS users without extra warning messages.
- Bug 1392955 (VERIFIED FIXED) JNLP should be treated as executable
  - Base bug that fixed the 'security issue'
  - The code change was included with Firefox 67.0 and the behavior has not changed to this date, incl. the latest Firefox 78.0 beta. Only Firefox ESR 68.2+ does NOT include the code change.
- Bug 1576762 - Improve usability for JNLP and other executable
  - Created by Mozilla, intended to work out a more comprehensive approach, such as e.g. handling Windows executables ".exe" differently from others like ".jnlp"
  - Status NEW and Unassigned
Our concerns are twofold:
- Firefox 78.0 is expected to be the baseline for Firefox ESR 78.0 due next week. Given that the code change was reverted only for Firefox ESR 68.2+ it is our expectation that Firefox ESR 78.0 will re-introduce the warning message. We cannot confirm this today but if this is the case, then we yet again ask for the code change to be reverted for Firefox ESR 78.x.
- In bug 1576616 and bug 1392955 myself (Oracle) and Donald Smith (Java SE Product management at Oracle) had given several arguments that explain why JNLP files are NOT executables. We'd highly appreciate some progress on bug 1576762 to get this issue sorted out in both Firefox Rapid Release and ESR. We can provide any further clarifications if needed via that bug concerning the handling of JNLP once Firefox passes it over to our Java Web Start launcher.