Right-click on Open, Remove, or Cancel in the download manager executes the command

Status: VERIFIED INVALID
Product: Toolkit
Component: Downloads API
Opened: 13 years ago
Updated: 9 years ago

Reporter: Craig Cockburn
Assignee: Unassigned

Keywords: polish
Version: Trunk
Platform: x86, Windows XP
Points: ---
Firefox Tracking Flags: Not tracked

Attachments: 3

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

After downloading, right click the "open" link in download manager to select
"open in containing folder". However, the file opens rather than showing the
folder. I am noting this as a security problem because rather than viewing the
file location in explorer, the file executes and could contain malicious
material. I noticed this problem when downloading a file with two dots in the
filename and received a warning (from media player) about the filetype and I
wanted to view the file location details via the open link to see what the
problem was.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1

13 years ago
WFM: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

Can you give me the URL of a file where this happened, and also the full path
where you downloaded it to?

Also, if possible, please unmark this as a security sensitive bug. It's not.
(Reporter)

Comment 2

13 years ago
This happens on every download, irrespective of file type or download location.
You have to right click on the "open" link to replicate. Right clicking
elsewhere in the item area works fine.

Comment 3

Confirming, the "Open" and "Remove" links do not distinguish between right and
left clicks. Other parts of the browser make this distinction, and some features
are available only if you right click on a link itself (open link in new
window/tab, whichever isn't your default meta action;  copy or save link, etc.). 

We've trained people to expect this, and if users somehow got wind of the "open
folder" feature they are far more likely to try right-clicking on the link
itself than to think of trying random spots in the item area.

"unsafe" types still get the usual warning dialog, same as a regular click. I
agree this is not a security hole (an attacker couldn't mount an attack assuming
users would click for an obscure feature in the wrong spot) but it's still
potentially dangerous behavior if you assume that some part of the time people
are using the open-in-folder feature to check suspicious downloads.
Group: security
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 4

13 years ago
*** Bug 261127 has been marked as a duplicate of this bug. ***

Comment 5

13 years ago
Adjusting summary based on comment 3 and bug 261127
Summary: Download right click on open link in download manager - open containing folder doesn't → Right-click on Open or Remove in the download manager, executes the command

Comment 6

13 years ago
Created attachment 166779 [details]
before right-clicking

about to right-click on 'open'

Comment 7

13 years ago
Created attachment 166780 [details]
after right-clicking on 'open'

after right clicking - Word has opened and a context menu has appeared

Comment 8

13 years ago
Created attachment 166781 [details]
just the 'Word' window

If I use 'alt prt sc' to snap just the Word window, the context menu appears in
the snapshot.  Note that even if the context menu was overlapping the edge of
the Word window in reality, it appears entirely inside the Word window in the
snapshot.

Comment 9

12 years ago
*** Bug 314741 has been marked as a duplicate of this bug. ***

Comment 10

12 years ago
*** Bug 286221 has been marked as a duplicate of this bug. ***

Comment 11

12 years ago
Adding "Cancel" to the list of links.  Also, this depends on bug 260879.
Depends on: 260879
Summary: Right-click on Open or Remove in the download manager, executes the command → Right-click on Open, Remove, or Cancel in the download manager executes the command

Comment 12

12 years ago
A new user of the 1.5 release just signaled this to me, and it definitively makes it look unpolished :-(

Right now, right click on the 'open'/'cancel' pseudo-link in the download manager both does the left click action and opens the contextual menu.

I don't want bug 260879 to act as a straw man here.
In the future, we might want buttons instead of links, but 1.5 needs an update where the behavior is corrected. IMHO it won't be long before this gets in the top of the duplicate list.
No longer depends on: 260879
Keywords: polish

Comment 13

12 years ago
*** Bug 281065 has been marked as a duplicate of this bug. ***

Updated

12 years ago
Depends on: 260879

Comment 14

11 years ago
This is a general problem with the <label class="text-link" onclick="..."/> pattern, and it affects at least the Get Extensions link in the addons window too.

We could add the button check to each of the handlers or use a different event to indicate that the user followed a link ('command'?). The latter appeals more to me.
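
The behaviour confirmed in comment 3 and the two fixes proposed in comment 14, modelled as an added example that is not code from this bug or from Firefox. Plain objects stand in for DOM events, the names `unguarded`, `primaryOnly`, `onActivate` and `replay` are hypothetical, and treating Enter as an activation is an assumption of the model.

```javascript
// Added example (not Firefox code). MouseEvent.button: 0 = primary, 2 = secondary (right).
const PRIMARY = 0, SECONDARY = 2;

// Reported behaviour: an onclick handler that never looks at the button.
function unguarded(action) {
  return (event) => {
    if (event.type !== "click") return false;
    action();
    return true;
  };
}

// Option 1 from comment 14: a button check inside each click handler.
function primaryOnly(action) {
  return (event) => {
    if (event.type !== "click" || event.button !== PRIMARY) return false;
    action();
    return true;
  };
}

// Option 2: decide once what counts as "the user followed the link" and
// have links listen only for that (the role a 'command'-style event plays).
function isActivation(event) {
  if (event.type === "click") return event.button === PRIMARY;
  if (event.type === "keydown") return event.key === "Enter";
  return false;
}
function onActivate(action) {
  return (event) => (isActivation(event) ? (action(), true) : false);
}

// Replay events against an "Open" link; count file launches and context menus.
function replay(wrap, events) {
  const result = { launches: 0, contextMenus: 0 };
  const openLink = wrap(() => { result.launches++; });
  for (const event of events) {
    if (event.type === "click" && event.button === SECONDARY) result.contextMenus++;
    openLink(event);
  }
  return result;
}

// Constructed input: right click, then left click, then Enter on the link.
const sampleEvents = [{ type: "click", button: SECONDARY },
  { type: "click", button: PRIMARY }, { type: "keydown", key: "Enter" }];
for (const wrap of [unguarded, primaryOnly, onActivate]) console.log(wrap.name, replay(wrap, sampleEvents));
```

With the unguarded handler the right click both launches the file and shows the context menu, which is the symptom in the attachments; the per-handler check has to be repeated on every link, while the single activation test fixes all of them in one place.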

Updated

11 years ago
QA Contact: ali → download.manager
Assignee: bugs → nobody
The links are no longer used and have been replaced with buttons, solving this problem.  This bug is no longer valid.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → INVALID
Version: unspecified → Trunk
Verified
Status: RESOLVED → VERIFIED
(Assignee)

Updated

9 years ago
Product: Firefox → Toolkit