Closed
Bug 249756
Opened 20 years ago
Closed 3 years ago
If the default action is Save without prompt [and download progress dialog is off], there is no way of user to check the real download URL. Warning and/or option removal needed.
Categories
(Firefox :: File Handling, defect)
RESOLVED
INCOMPLETE
People
(Reporter: danielwang, Unassigned)
References
(Blocks 1 open bug)
Details
(This can be used in combination with bug 249673, bug 204224 or any other similar bug to hide the true download URL) On the Thunderbird download page (see URL), Mozilla directly shows the save-file dialog instead of requiring the user to go through an extra step with the what-do-you-want-to-do nag dialog. The nag dialog is important because it shows the actual address of the file. We can create a new nag box, or we can reuse the old one but with some options disabled. (Note: in some weird case, Mozilla will show the nag box for the Firefox download first. I don't know the full MIME type, but it has "msdos" in the type name.)
Comment 1•20 years ago
worksforme (winxp 2004062808, and linux current trunk). I do get the helper app
dialog. do you have any settings for application/octet-stream in
preferences/navigator/helper applications?
> we can reuse the old one but with some options disabled.
what options would that be? "open with default application" is already never
available for executables in that dialog. allowing to open executables with a
virus scanner (or debugger or hex editor ;) ) seems like a good idea to me.
(note: I only know for sure that all of the above is true for mozilla. firefox
forked the frontend code. but the backend code ensures that executables are
never opened directly from the helper app dialog)
Comment 2•20 years ago (Reporter)
> do you have any settings for application/octet-stream in
> preferences/navigator/helper applications?
Yes! And deleting it does help.
That said, I swear I did see a download prompt before, and from what I can see
now, the download prompt has the "Always ask me" option disabled. So, something
happened that checked the box. Resolving this bug as INVALID (but I'll
investigate this further).
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Comment 3•20 years ago (Reporter)
On second thought, reopen. The real problem is that if the default action is to
save the file, there's no way for the user to check and verify the download URL, and
there are ways of spoofing the download URL. Some suggestions:
1. Remove the "Always perform this action..." checkbox from dialog and force
the user to go through the Helper preferences.
2. Provide a warning on checking this box (on UI and Online Help)
(CC doc people)
> Resolving this bug as INVALID (but I'll investigate this further).
I tried the download link again, and this time "Always perform this action..."
is checked. The MIME type shown is "application/x-msdos-program". This is two
bugs (one mozilla.org and one browser). Will file new bugs if I cannot find
duplicates.
Blocks: 249757
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Summary: Never directly show Save dialog for .exe file. Show Download Nag Prompt first [prevent hiding of true download URL] → If the default action is Save without prompt [and download progress dialog is off], there is no way of user to check the real download URL. Warning and/or option removal needed.
Comment 4•20 years ago
Is this a Mozilla-Bug, a Firefox-Bug, or a Thunderbird-Bug? Using Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a2) Gecko/20040705 the page loads, and a bit later a download box opens, giving me the option to Open or Save the file, Save checked, and the checkbox for 'always perform this action' is shown grey and unchecked, can't be selected. When I'm canceling this box, and reopen it by clicking on the 'click here' link, I could make that selection, but I will NEVER do it, not even for checking mozilla!
Comment 5•20 years ago (Reporter)
I don't have Firefox, so I can only say this is a Mozilla bug. Mozilla allows 'always perform this action' to be checked for certain .exe MIME types (e.g. bug 236967). What I'm suggesting is to either remove that option entirely to prevent users from inadvertently checking the box (they can still go through Preferences to check it), or to have a stronger warning message.
Status: REOPENED → NEW
Updated•15 years ago
Assignee: file-handling → nobody
QA Contact: ian → file-handling
Updated•8 years ago
Product: Core → Firefox
Version: Trunk → unspecified
Comment 6•3 years ago
Closing this as resolved:incomplete since it is an old Windows 2000 issue that is no longer a supported OS and the last activity on this ticket was 18 years ago. The current download dialog in the latest Firefox version will show the source of the download.
Status: NEW → RESOLVED
Closed: 20 years ago → 3 years ago
Resolution: --- → INCOMPLETE