Open Bug 1809074 Opened 2 years ago Updated 1 month ago

[Linux] .url file repeatedly opens new tabs when opened with Firefox

Categories

(Firefox :: File Handling, defect)

Product:
Firefox
Component:
File Handling
Version:
Firefox 108
Platform:
Desktop
Linux
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: Popopo, Unassigned)

References

Details

(Keywords: csectype-dos, reporter-external, sec-low)

Attachments

(1 file)

URL file
135 bytes, text/plain
Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0

Steps to reproduce:

Opened a URL that aims to a ms-software-store link
You could see the whole process in the link: https://youtu.be/WAFKBwXAqO0
What shows the bug.
The example of files created in the follow link:
https://postlmg.cc/9z9xpmnk
It happened in Linux Mint OS.

Firefox 108.0.2 (64-bit)

Actual results:

Start to open new tabs without stop taking out all memory resources and CPU
Also start to create files on the /home/user without stop...
till the whole APP (Firefox) is closed.

Expected results:

Open a direct link to download a PDF

Here's the link in the video: https://www.lg.com/es/posventa/manuales-y-documentos

I couldn't reproduce the issue on OSX. (I had to check some box so that I could open it with something besides Apple's own apps... lovely.)

Summary: Firefox bug proceed like a worm when open from MS Store → .url file containing a ms-windows-store:// URL repeatedly opens new tabs when opened with Firefox
Attached file URL file β€”

Here's the URL file if somebody wants to download it and try it without going through the whole rigamarole of the LG website.

I haven't reproduced this, but it seems sec-low at worst. As presented, it requires the user download a file, then open it, and in the end you get something that just makes the browser unusable.

Keywords: csectype-dos, sec-low

(In reply to Andrew McCreight [:mccr8] from comment #3)

I haven't reproduced this, but it seems sec-low at worst. As presented, it requires the user download a file, then open it, and in the end you get something that just makes the browser unusable.

Not only,
Even if you need to open the zip firstly and secondly the link, that will trigger the bug.

Remember your disk will be filled with tons of small files. So... your system could become unusable.
The point is worse if you are trying to use web-scratching with the navigator, imagine you use it into a server on your own ecosystem...
Without surveillance it could ran out your storage space but also memory for the OS.

That is good you tried it out on your MacOS System.
Which browser version are you using?

My system is Linux Mint updated to the last version, so perhaps you could recreate it into a Virtual Machine.
I was asking anyway to other users to reproduce it, and they got the same bug.

The file is not important. That was just one example and it happens also with other official sites (hardware like LG or Software).

Can you reproduce on a clean Firefox profile?

I also cannot reproduce on macOS. Firefox just opens the .url file as if it were a plaintext file.

I expect that this is happening because Firefox is set up to automatically open URL files with the OS default app, and you're configuring the OS to make Firefox the default app, so you end up in a loop. Does the same thing happen if you open the file in a text editor and change the ms-windows-store URL to a different one?

Flags: needinfo?(silverio_m)

(In reply to :Gijs (he/him) from comment #5)

Can you reproduce on a clean Firefox profile?

I also cannot reproduce on macOS. Firefox just opens the .url file as if it were a plaintext file.

I expect that this is happening because Firefox is set up to automatically open URL files with the OS default app, and you're configuring the OS to make Firefox the default app, so you end up in a loop. Does the same thing happen if you open the file in a text editor and change the ms-windows-store URL to a different one?

Hi,
If you see in the minute 0:43 of the video that I have posted in the main message, opening it with the default OS App (in my case changed to) xed ver 3.2.8, it doesn't cause any loop or wrong behavior, but it start to happen when I open the URL with Firefox.

About to change the URL to a different one, what do you mean?

Flags: needinfo?(silverio_m)

(In reply to silverio_m from comment #6)

(In reply to :Gijs (he/him) from comment #5)

Can you reproduce on a clean Firefox profile?

I also cannot reproduce on macOS. Firefox just opens the .url file as if it were a plaintext file.

I expect that this is happening because Firefox is set up to automatically open URL files with the OS default app, and you're configuring the OS to make Firefox the default app, so you end up in a loop. Does the same thing happen if you open the file in a text editor and change the ms-windows-store URL to a different one?

Hi,
If you see in the minute 0:43 of the video that I have posted in the main message, opening it with the default OS App (in my case changed to) xed ver 3.2.8, it doesn't cause any loop or wrong behavior, but it start to happen when I open the URL with Firefox.

After opening the file with Firefox as you show in the video, if you pick just "Abrir" in the file manager context menu, does it open in Firefox or xed?

About to change the URL to a different one, what do you mean?

I mean the last line of the file that you show at that point has a line URL=ms-windows-store://pdp/... - if you change ms-windows-store to gobbledygook and save the file, does it make a difference to what happens if you then open the resulting file with Firefox?

You also haven't answered my other questions about a clean profile... It would also be helpful to know what file manager app and window manager you're using.

Basically I think this is a dupe of bug 215554 or bug 167320, but it's difficult to tell given I can't reproduce.

Flags: needinfo?(silverio_m)

Now I changed it to open with Xed. Firstly it was with Firefox.

To do it with a clean profile, need to create a new virtual machine and install the OS that I work with. But as I told, it happens in every OS system with Linux Mint.

So here are two options:
1- You could install this OS to reproduce the same conditions into a Virtual Machine and get your own answers that perhaps I could not answer due to didn't understand your doubts.
2- We could do a remote control on my computer and show it to you. Perhaps that is the best to do it easier

The second option I think could help to describe in this thread what is happening with a better descriptions that I have tried with the video and texts.

The only 2 tests I didn't try are:

  1. With all other Linux OS distribution, MS Windows OS. Mac Already I know because you have tried it on yours.
  2. Install a fresh Linux Mint OS with Cinnamon desktop manager and try it there.
Flags: needinfo?(silverio_m)

1 year later,
this awful bug still alive.

Flags: needinfo?(gnatili)

Re-routing to check what other information we need on this bug.

Flags: needinfo?(gnatili) → needinfo?(nalexander)

Adding some new information.
Tried it with Linux Mint 21.3 fresh installing with default Firefox, and the bug is there...
Still filling the disk with thousands of small files.
Still opening infinity taps on the browser.

Sorry for the burst of bugspam: filter on tinkling-glitter-filtrate
Adding reporter-external keyword to security bugs found by non-employees for accounting reasons

Keywords: reporter-external
Component: Untriaged → File Handling

So we also cannot reproduce on Linux. If this is still a problem for you, can you please clarify:

  1. which version of Firefox you're using (number as well as whether it's from Mozilla or Linux Mint, whether it's snap/flatpak or "normal")
  2. whether you have configured something on your system (other than Firefox) to open ms-windows-store files with Firefox, and if so what/how?
Flags: needinfo?(nalexander) → needinfo?(silverio_m)
See Also: → 1885804, 1842542

(In reply to :Gijs (he/him) from comment #13)

So we also cannot reproduce on Linux. If this is still a problem for you, can you please clarify:

  1. which version of Firefox you're using (number as well as whether it's from Mozilla or Linux Mint, whether it's snap/flatpak or "normal")
  2. whether you have configured something on your system (other than Firefox) to open ms-windows-store files with Firefox, and if so what/how?

Firstly it is not only a problem for me.
In fact, I don't want to imagine the interest to ignore the bug again. It seems almost lack of interest at all about security and stability talking about Firefox for Linux.
It really shocks me.

  1. The version was shown in previous posts.
  2. I tested it also in a virtual machine with the default OS and the result was shown in the video.

Note default OS means non flatpack/snap version.
Is it due to the team is only interested to give security in Microsoft ecosystems version?

Sorry, but frankly... I have not hopes in this team at all.
I am really shocked... more than 2 years for something so... incredible.

Flags: needinfo?(silverio_m)

(In reply to :Popopo from comment #14)

  1. The version was shown in previous posts.

You've not updated since then? Can you please try a supported version, ideally current release?

Is it due to the team is only interested to give security in Microsoft ecosystems version?

No, but so far nobody has been able to reproduce, neither on Linux nor anywhere else. I'm not installing Linux Mint in a dedicated VM just to try to reproduce the problem because that happens to be the distro you're using. There have to be at least 50 linux distros and it is not reasonable for me and other engineers to maintain access to all of them.

Flags: needinfo?(silverio_m)

(In reply to :Gijs (he/him) from comment #15)

(In reply to :Popopo from comment #14)

  1. The version was shown in previous posts.

You've not updated since then? Can you please try a supported version, ideally current release?

Is it due to the team is only interested to give security in Microsoft ecosystems version?

No, but so far nobody has been able to reproduce, neither on Linux nor anywhere else. I'm not installing Linux Mint in a dedicated VM just to try to reproduce the problem because that happens to be the distro you're using. There have to be at least 50 linux distros and it is not reasonable for me and other engineers to maintain access to all of them.

It makes sense.
I'll try it out again with new versions of LM22.1 but also with something highly used as Debian or Ubuntu.

Would you prefer the results or better a Video?

Flags: needinfo?(silverio_m)

(In reply to :Popopo from comment #16)

I'll try it out again with new versions of LM22.1 but also with something highly used as Debian or Ubuntu.

To be clear, I was mostly asking about the version of Firefox (I'm assuming Linux Mint either offers regular release updates for Firefox every 4 weeks, or uses ESR which gets security updates every 4 weeks, via apt and friends - but either way it'd be a more recent version than 108 with which this was originally reported). I'm not asking you to reinstall your distro!

If you have any clue at all what is handling ms-windows-store on your OS and/or desktop environment (is it "just" gnome or gtk3 or something, or something more... bespoke?), that would also be really helpful. On my Ubuntu install, nothing does (and so nothing happens). This is assuming that the same problem doesn't happen if the .url file contains, say, a mailto: link instead (assuming something is registered to deal with email links on your and most people's machines).

Would you prefer the results or better a Video?

Just the results is fine. We have tried to prevent this infinite loop situation a bunch (e.g. bug 1807260, bug bug 1678255, bug 1633790, bug 1496380, bug 1750253), but clearly something is still missing, somehow.

(In reply to :Gijs (he/him) from comment #17)

(In reply to :Popopo from comment #16)

I'll try it out again with new versions of LM22.1 but also with something highly used as Debian or Ubuntu.

To be clear, I was mostly asking about the version of Firefox (I'm assuming Linux Mint either offers regular release updates for Firefox every 4 weeks, or uses ESR which gets security updates every 4 weeks, via apt and friends - but either way it'd be a more recent version than 108 with which this was originally reported). I'm not asking you to reinstall your distro!

If you have any clue at all what is handling ms-windows-store on your OS and/or desktop environment (is it "just" gnome or gtk3 or something, or something more... bespoke?), that would also be really helpful. On my Ubuntu install, nothing does (and so nothing happens). This is assuming that the same problem doesn't happen if the .url file contains, say, a mailto: link instead (assuming something is registered to deal with email links on your and most people's machines).

Would you prefer the results or better a Video?

Just the results is fine. We have tried to prevent this infinite loop situation a bunch (e.g. bug 1807260, bug bug 1678255, bug 1633790, bug 1496380, bug 1750253), but clearly something is still missing, somehow.

Sure, I will test it again in a MV and destroy it later. No problem.
LG and some others have remove those kind of links to the Microsoft Store.
IMO, it seems that entry in a infinite loop due to how Firefox used to manage those kind of "links". Downloading it, open it, and since it was a Microsoft store that pretend to download something (the PDF user-guide or specs) but instead of it got again same link.

In the last test I did, it continued opening tabs but not storing files on the hard disk.
In few minutes I will test it, but I need to find another link. LG is not more available, so the issue cannot be reproduced.

Does the file attached to this report ( https://bugzilla.mozilla.org/attachment.cgi?id=9311446 ) not reproduce the problem for you? Sorry if I'm missing something obvious...

Flags: needinfo?(silverio_m)

Reporting.

Firefox version : Motzilla Firefox for Linux Mint 001 - 1.0 ver 134.0.2 (64-bit)
Desktop:

  • Cinnamon v: 6.4.6 tk
  • GTK v: 3.24.41
  • wm: Muffin
  • v: 6.4.1
  • vt: 7
  • dm: LightDM
  • v: 1.30.0
    Distro: Linux Mint 22.1 Xia base: Ubuntu 24.04 noble

How it behaves now
From https://www.lg.com/es/soporte/soporte-producto/cs-17Z90P-G.AA77B/?srsltid=AfmBOooN3UnpisXFhL0-7yaBuZPPIEUeQG_dvO_fRoA3Q4f1UjrCTsh3
Click on download symbol for the user guide.
It starts to download a zip with the full PDF, so the Microsoft access from new products are not the same again.
It seems that LG attended my suggestion and changed the way to download the files, not use anymore a link to Microsoft Store for some products. So I need to find another one to test it.

but from https://www.lg.com/es/soporte/soporte-producto/cs-17U70N-J.AA78B/
It has a link that download the file for testing.
The links aim to https://gscs-b2c.lge.com/downloadFile?fileId=bOxUq0N65F4bAf9NFSipA
Let's proceed.
Opened it it has the url file to open a Microsfot Store APP.
Unzipped and opened it, it is opened with a text editor without big problem. What means the OS now doesn't have as default APP for URL files the browser but a plain text editor (good policy)
Let's check now what happen when I open this URL with the Firefox

Now it pop's up a message to store another (the same) file with download extension and request for preferences to do it automatically next time.
Choose it but not selecting Open With (what may result in an infinite loop). It behave offering download another file and store it in the hard disk, so not opening tabs. That is another good policy that results in avoiding the problem (always good policies avoid unknown problems).

Now I will try to force the issue opening it again and selecting opening with (Firefox) and do it automatically next time.

The "bug" appear, but now in differences than before it needs to be forced with a preselection before.
It is opening infinite tabs, also creates infinite files in the download folder with the extension .part and random names.

So IMO this loop appear but need to be "forced" by the OS since the browser (Firefox) doesn't change the selection on the OS for managing URL files or the OS doesn't select by default the browser (Firefox) to open them resulting in infinite loop.

Congratulations team.

Suggestion: a small function/procedement on the code to detect if the same URL is opened more than 10 times in same session continuously , in such a case stop it and ask to the user if desire to continue. That would be a great policy and little very little implementation to avoid future uncontrolled issues.

If in any case, you would like to get more info, now is the time for it before I destroy the MV.

Thank you to all of you.

(In reply to :Gijs (he/him) from comment #19)

Does the file attached to this report ( https://bugzilla.mozilla.org/attachment.cgi?id=9311446 ) not reproduce the problem for you? Sorry if I'm missing something obvious...

Sorry,
My fault.
I was looking for the fist link on Google thinking (I was wrong) that all of them were still aiming to Microsoft Store.
I mixed them up. Not all of them anymore.

PS. Sorry for double post, I tried to delete one of them but I failed.

Flags: needinfo?(silverio_m)
Duplicate of this bug: 1948521

Given this only happens in specific configurations, and there are public equivalents for other filetypes (e.g. bug 1945395), keeping it hidden probably isn't accomplishing anything.

I am hoping to come back to this soon but I have a lot on my plate atm.

Group: firefox-core-security
OS: Unspecified → Linux
Hardware: Unspecified → Desktop
Summary: .url file containing a ms-windows-store:// URL repeatedly opens new tabs when opened with Firefox → [Linux] .url file repeatedly opens new tabs when opened with Firefox
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: