Closed Bug 260323 Opened 20 years ago Closed 17 years ago

Right-click on Open, Remove, or Cancel in the download manager executes the command

Categories

(Toolkit :: Downloads API, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

VERIFIED INVALID

People

(Reporter: craig, Unassigned)

References

Details

(Keywords: polish)

Attachments

(3 files)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

After downloading, right click the "open" link in download manager to select
"open in containing folder". However, the file opens rather than showing the
folder. I am noting this as a security problem because rather than viewing the
file location in explorer, the file executes and could contain malicious
material. I noticed this problem when downloading a file with two dots in the
filename and received a warning (from media player) about the filetype and I
wanted to view the file location details via the open link to see what the
problem was.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
WFM: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

Can you give me the URL of a file where this happened, and also the full path
where you downloaded it to?

Also, if possible, please unmark this as a security sensitive bug. It's not.

This happens on every download, irrespective of file type or download location.
You have to right click on the "open" link to replicate. Right clicking
elsewhere in the item area works fine.

Confirming, the "Open" and "Remove" links do not distinguish between right and
left clicks. Other parts of the browser make this distinction, and some features
are available only if you right click on a link itself (open link in new
window/tab, whichever isn't your default meta action;  copy or save link, etc.). 

We've trained people to expect this, and if users somehow got wind of the "open
folder" feature they are far more likely to try right-clicking on the link
itself than to think of trying random spots in the item area.

"unsafe" types still get the usual warning dialog, same as a regular click. I
agree this is not a security hole (an attacker couldn't mount an attack assuming
users would click for an obscure feature in the wrong spot) but it's still
potentially dangerous behavior if you assume that some part of the time people
are using the open-in-folder feature to check suspicious downloads.
Group: security
Status: UNCONFIRMED → NEW
Ever confirmed: true
*** Bug 261127 has been marked as a duplicate of this bug. ***
Adjusting summary based on comment 3 and bug 261127
Summary: Download right click on open link in download manager - open containing folder doesn't → Right-click on Open or Remove in the download manager, executes the command
Attached image before right-clicking
about to right-click on 'open'
after right clicking - Word has opened and a context menu has appeared
Attached image just the 'Word' window
If I use 'alt prt sc' to snap just the Word window, the context menu appears in
the snapshot.  Note that even if the context menu was overlapping the edge of
the Word window in reality, it appears entirely inside the Word window in the
snapshot.
*** Bug 314741 has been marked as a duplicate of this bug. ***
*** Bug 286221 has been marked as a duplicate of this bug. ***
Adding "Cancel" to the list of links.  Also, this depends on bug 260879.
Depends on: 260879
Summary: Right-click on Open or Remove in the download manager, executes the command → Right-click on Open, Remove, or Cancel in the download manager executes the command
A new user of the 1.5 release just signaled this to me, and it definitively makes it look unpolished :-(

Right now, right click on the 'open'/'cancel' pseudo-link in the download manager both does the left click action and opens the contextual menu.

I don't want bug 260879 to act as a straw man here.
In the future, we might want buttons instead of links, but 1.5 needs an update where the behavior is corrected. IMHO it won't be long before this gets in the top of the duplicate list.
No longer depends on: 260879
Keywords: polish
*** Bug 281065 has been marked as a duplicate of this bug. ***
Depends on: 260879
This is a general problem with the <label class="text-link" onclick="..."/> pattern, and it affects at least the Get Extensions link in the addons window too.

We could add the button check to each of the handlers or use a different event to indicate that the user followed a link ('command'?). The latter appeals more to me.
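The button check discussed in the comment above, as an added example that is not part of the bug report or Mozilla's code: an unguarded click handler runs the action on a right-click, while one shared wrapper that tests `event.button` does not. The item object, the function names and the file path are hypothetical, and plain objects stand in for DOM mouse events so the block runs without a browser.

```javascript
// Constructed event objects model only the `type` and `button` fields of a
// DOM MouseEvent; everything named here is hypothetical, not Firefox code.
const PRIMARY_BUTTON = 0;   // MouseEvent.button for the main (usually left) button
const SECONDARY_BUTTON = 2; // MouseEvent.button for the secondary (usually right) button

// Stand-in for a download manager entry whose "Open" action launches the file.
function makeDownloadItem(path) {
  const launched = [];
  return { path, launched, open() { launched.push(path); } };
}

// Pattern from the bug: the handler runs the action for every click event,
// whichever mouse button produced it.
function unguardedHandler(item) {
  return (_event) => { item.open(); };
}

// One shared wrapper instead of a button check repeated in each handler.
// Returns true only when the wrapped action actually ran.
function primaryClickOnly(action) {
  return (event) => {
    if (event.type !== "click" || event.button !== PRIMARY_BUTTON) {
      return false; // leave right/middle clicks to the context menu
    }
    action(event);
    return true;
  };
}

// Deliver a right-click, then a left-click, and count launches after each.
function simulate(handlerFactory) {
  const item = makeDownloadItem("C:\\Downloads\\sample.doc"); // constructed path
  const handler = handlerFactory(item);
  handler({ type: "click", button: SECONDARY_BUTTON });
  const afterRight = item.launched.length;
  handler({ type: "click", button: PRIMARY_BUTTON });
  return { afterRight, afterLeft: item.launched.length };
}

function demo() {
  return {
    unguarded: simulate(unguardedHandler),
    guarded: simulate((item) => primaryClickOnly(() => item.open())),
  };
}

console.log(demo());
```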
QA Contact: ali → download.manager
Assignee: bugs → nobody
The links are no longer used and have been replaced with buttons, solving this problem.  This bug is no longer valid.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
Version: unspecified → Trunk
Verified
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit