243503 - Page can open application associated with some protocols without user confirmation

Status: RESOLVED DUPLICATE of bug 167475

(SeaMonkey :: General, defect)

Description

[Met - Martin Hassman]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.7) Gecko/20040501
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.7) Gecko/20040501

If you include in some src or href attribute extenal protocol, it can launch
assiciated application. In some cases it can launch infinitive number of
instances - so it can consume computer resources, lead to possible crash of
Mozilla or OS etc. etc.

Tested with: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.7)
Gecko/20040501 (and Firefox 0.8) in Windows2000

List of protocols (in fact here are almost all registered protocols, only http,
ftp, file:, gopher:, news: and similar web protocols used in Mozilla are are not
affected):

telnet:
ldap:
outlook:
rlogin:
tn3270:
shell:
callto: (only one instance)
mms:, mmst:, mmsu:, msbd: (only one instance)
pnm:, rtsp: (only one instance)
quicktime: (only one instance)

You can use it as <img src="telnet:"> or <link rel="stylesheet" href="tn3270:"
/> or <iframe src="mms:"></iframe> and probaly some other cases.


bug #243170 is probably  relating to this

Reproducible: Always
Steps to Reproduce:

Comment 1

[Met - Martin Hassman]

Attachment: Tescase - opens some applications associated with registered protcols

Here is some testcase, which is trying to open your associted applications

Comment 2

[Anders Pedersen]

Confirmed.

- Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a) Gecko/20040512
Firefox/0.8.0+
- Microsoft Windows 2000 Pro 5.00.2195 SP4

Comment 3

[Boris Zbarsky [:bzbarsky]]

This is a duplicate.

Comment 4

[Matthew Imakyure]

Probably bug 167475.

Comment 5

[Matthew Imakyure]

See also bug 163767 and bug 167473

Comment 6

[Adam Hauner]

Marking as dupe of bug 167475.

*** This bug has been marked as a duplicate of 167475 ***