User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a6) Gecko/20041203

When using 'Save page as', the local filename chosen by the user (or the default one) is sent to the server. It does this by constructing URLs based on all the images in the page, but including '<local filename>_files' in the url. This usually generates a 404 error, but the page and images save OK.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.google.com/
2. (Trace network activity, eg with ethereal)
3. Select 'Save Page As' from the context menu, and choose a distinctive file name

Actual Results:
GET http://www.google.com/my_private_filename_where_i_type_lots_of_private_info_files/logo.gif HTTP/1.1

Expected Results:
Save from cache, without sending strange requests.

Also in mozilla 1.7.3 and firefox 1.0.

Because the saved html is hardcoded to refer to '<local filename>_files' on the local filesystem it is not convenient to rename it, so the user may type a long filename to start with. This may contain several pieces of private information. eg an account number, or how much you think a competitor may bid for a contract, after reading their page, which you are now saving.

A website might encourage the saving of a certain page, perhaps suggesting a format for the filename. They could then have this information stored against the identity of each user.

If a page includes images from another server, perhaps as part of a secure transaction, and that server redirects the image request, then the new name of the image may be sent to the original server when the page is saved.
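An added example, not part of the original bug report or of Mozilla's code: a heuristic audit of egress-proxy or web-server access logs for the request shape shown under Actual Results, a GET that returns 404 and whose path contains a '<local filename>_files' directory segment. The common-log-format layout, the sample lines and the function name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in common log format (not captured traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [03/Dec/2004:10:00:01 +0000] "GET http://www.google.com/ HTTP/1.1" 200 3120
10.0.0.5 - - [03/Dec/2004:10:00:09 +0000] "GET http://www.google.com/my_private_filename_where_i_type_lots_of_private_info_files/logo.gif HTTP/1.1" 404 512
10.0.0.7 - - [03/Dec/2004:10:02:11 +0000] "GET /docs/report_files/image001.gif HTTP/1.1" 200 2048
10.0.0.8 - - [03/Dec/2004:10:03:40 +0000] "GET /bid%20estimate%20acme_files/banner.png HTTP/1.1" 404 512
"""

# client, request target and status from one common-log-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3}) ')
SUFFIX = "_files"


def find_leaked_save_names(log_text):
    """Return (client, host, local_name) for each 404'd GET whose path
    contains a '<local_name>_files' directory segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # The report says these requests usually fail with 404; a 200 is
        # more likely a real '_files' directory that exists on the server.
        if status != "404":
            continue
        parts = urlsplit(target)  # handles absolute (proxy) and origin form
        segments = [unquote(s) for s in parts.path.split("/") if s]
        for seg in segments[:-1]:  # directory segments only, not the image
            if seg.endswith(SUFFIX) and len(seg) > len(SUFFIX):
                hits.append((client, parts.netloc or "-", seg[:-len(SUFFIX)]))
                break
    return hits


if __name__ == "__main__":
    for client, host, name in find_leaked_save_names(SAMPLE_LOG):
        print(f"{client} -> {host}: local save name {name!r}")
```

Hits are a starting point for review rather than proof, since a site can legitimately link to a missing '_files' directory.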
Assignee: general → file-handling
Component: General → File Handling
Product: Mozilla Application Suite → Core
QA Contact: general → ian
Version: unspecified → Trunk
duplicate of a non-security bug... should we remove the flag here?
email@example.com: are you using a proxy?
*** This bug has been marked as a duplicate of 249508 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
I want to open it to public view, but the tick box is greyed out, so I can't. The bug is consistently reproducible without a proxy.