Closed Bug 1654780 Opened 4 years ago Closed 4 years ago

Drag and Drop Bypasses Mixed Content Download Blocking

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox78 --- unaffected
firefox79 --- unaffected
firefox80 --- fix-optional
firefox81 --- affected

People

(Reporter: sstreich, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

From Bug 1614969
Simona Badau :

... if I try to download a file from https://www.thinkbroadband.com/download by clicking on it, then the download is blocked (as the Opening dialog is never displayed). But if I drag the same file over the Downloads icon in the Navigation bar, then the download is completed.

Assignee: nobody → sstreich
Status: NEW → ASSIGNED
Regressed by: 1614969

Set release status flags based on info from the regressing bug 1614969

status-firefox78: --- → unaffected
status-firefox79: --- → unaffected
status-firefox80: --- → affected
status-firefox-esr68: --- → unaffected
status-firefox-esr78: --- → unaffected
Severity: -- → S4
Priority: -- → P2
Whiteboard: [domsecurity-active]
Blocks: 1614969
status-firefox80: affectedfix-optional
Keywords: regression
No longer regressed by: 1614969
Assignee: sstreich → nobody
Status: ASSIGNED → NEW
Priority: P2 → P3
Whiteboard: [domsecurity-active] → [domsecurity-backlog1]

But if I drag the same file over the Downloads icon in the Navigation bar, then the download is completed.

Fixing this is rather complex as we would need to classify each link drag. Also i personally think this is an edge case, if a user really want's do download a link (which he does when it's dragged on top of the download icon) - we should not stop him :)

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.