(This can be used in combination with bug 249673, bug 204224 or any other similar bug to hide the true download URL) On the Thunderbird download page (see URL), Mozilla directly shows the save-file dialog instead of requiring the user going an extra step with the what-do-you-want-to-do nag dialog. The nag dialog is important because it shows the actual address of the file. We can create a new nag box, or we can reuse the old one but with some options disabled. (Note: on some weird case, Mozilla will show the nag box for firefox download first. I don't know the full MIME type, but it has "msdos" in the type name.)
worksforme (winxp 2004062808, and linux current trunk). I do get the helper app dialog. do you have any settings for application/octet-stream in preferences/navigator/helper applications? > we can reuse the old one but with some options disabled. what options would that be? "open with default application" is already never available for executables in that dialog. allowing to open executables with a virus scanner (or debugger or hex editor ;) ) seems like a good idea to me. (note: I only know for sure that all of the above is true for mozilla. firefox forked the frontend code. but the backend code ensures that executables are never opened directly from the helper app dialog)
> do you have any settings for application/octet-stream in > preferences/navigator/helper applications? Yes! And deleting it does helps. That said, I swear I did see a download prompt before, and from what I can see now, the download prompt have "Always ask me" option disabled. So, something happened that checked the box. Resolving this bug as INVALID (but I'll investigate this further).
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → INVALID
On second thought, reopen. The real problem is that if the default action is to save the file, there's no way for user to check and verify the download URL, and there are ways of spoofing the download URL. Some suggestion: 1. Remove the "Always perform this action..." checkbox from dialog and force the user to go through the Helper preferences. 2. Provide a warning on checking this box (on UI and Online Help) (CC doc people) > Resolving this bug as INVALID (but I'll investigate this further). I tried the download link again, and this time "Always perform this action..." is checked. The MIME type shown is "application/x-msdos-program". This is two bugs (one mozilla.org and one browser). Will file new bugs if I cannot find duplicates.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Summary: Never directly show Save dialog for .exe file. Show Download Nag Prompt first [prevent hiding of true download URL] → If the default action is Save without prompt [and download progress dialog is off], there is no way of user to check the real download URL. Warning and/or option removal needed.
Is this a Mozilla-Bug, a Firefox-Bug, or a Thunderbird-Bug? Using Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a2) Gecko/20040705 the page loads, and a bit later a download box opens, giving me the option to Open or Save the file, Save checked, and the checkbox for 'always perform this action' is shown grey and unchecked, can´t be selected. When I´m canceling this box, and reopen it by clicking on the 'click here' link, I could make that selection, but I will NEVER do it, not even for checking mozilla!
I don't have Firefox, so I can only say this is a Mozilla bug. Mozilla allows 'always perform this action' to be checked for certain .exe MIME types (e.g. bug 236967). What I'm suggesting is to either remove that option entirely to prevent users from inadvertantly checking the box (they can still go through Preferences to check it), or to have a stronger warning message.
Status: REOPENED → NEW
Assignee: file-handling → nobody
QA Contact: ian → file-handling
Component: File Handling → File Handling
Product: Core → Firefox
Version: Trunk → unspecified
You need to log in before you can comment on or make changes to this bug.