
Firefox silently downloads iframe src files. Even executable files !!

VERIFIED DUPLICATE of bug 266325

Product: Toolkit
Component: Downloads API
Severity: blocker
Opened: 13 years ago
Updated: 9 years ago
Reporter: Juan Rey
Assigned: Ben Goodger (use ben at mozilla dot org for email)
Version: Trunk
Platform: x86, Windows XP
Bug Flags: blocking-aviary1.0.3 -, blocking-aviary1.5 -
Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050227 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050227 Firefox/1.0+

When Firefox finds an iframe tag with a file source in an HTML document, it
automatically downloads it; it does not mind what file type it is, even an
executable one.

Try this:
<iframe height="0" width="0"
src="ftp://ftp.rediris.es/mirror/simtelnet/win95/filemngr/tcmdr651.exe"></iframe>

Reproducible: Always

Comment 1

13 years ago
Seems not to be a bug, see Bug 266325.
Version: unspecified → Trunk
(Reporter)

Comment 2

13 years ago
(In reply to comment #1)
> Seems not to be a bug, see Bug 266325.

I do not think so. An unsolicited executable (.exe) under Windows is always a
risk and such a file could be too big for a dialup connection.

Anyway, about iframe source files, shouldn't they be filtered by filetype
(extension or magic number)? Shouldn't they be filtered by filesize (maximum
filesize configuration option)?
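
The filtering asked about in comment 2, sketched as an added example that is not part of the bug thread and is not Firefox code: a pre-fetch check that rejects a sub-frame load by magic number, extension, or declared size. The function name, extension list, size cap and the `example.test` samples are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed policy values, not taken from the bug report or from Firefox.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".msi"}
EXECUTABLE_MAGICS = (b"MZ",)          # DOS/PE header that opens Windows executables
DEFAULT_MAX_BYTES = 5 * 1024 * 1024   # hypothetical "maximum filesize" option


def check_subframe_load(url, head, content_length=None, max_bytes=DEFAULT_MAX_BYTES):
    """Decide whether a sub-frame (iframe src) response may be fetched in full.

    url            -- the iframe's src
    head           -- first bytes of the response body, read before committing
    content_length -- declared size in bytes, or None when the server gives none
    Returns (allowed, reason).
    """
    # Content wins over the name: a renamed executable is still an executable.
    if head.startswith(EXECUTABLE_MAGICS):
        return False, "executable-magic"
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return False, "executable-extension"
    if content_length is not None and content_length > max_bytes:
        return False, "too-large"
    if content_length is None:
        # No declared size: the caller must stop reading once max_bytes is reached.
        return True, "allowed-enforce-cap-while-reading"
    return True, "allowed"


# Constructed samples; the first URL is the one from the bug description.
SAMPLES = [
    ("ftp://ftp.rediris.es/mirror/simtelnet/win95/filemngr/tcmdr651.exe", b"MZ\x90\x00", None),
    ("http://example.test/frame.html", b"MZ\x90\x00", 4096),
    ("http://example.test/setup.EXE", b"", 4096),
    ("http://example.test/big.html", b"<html>", 50 * 1024 * 1024),
    ("http://example.test/ad.html", b"<html>", 2048),
]

if __name__ == "__main__":
    for url, head, size in SAMPLES:
        print(url, check_subframe_load(url, head, size))
```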

Comment 3

13 years ago

*** This bug has been marked as a duplicate of 266325 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
(Reporter)

Comment 4

13 years ago
(In reply to comment #3)
> 
> *** This bug has been marked as a duplicate of 266325 ***

That bug is INVALID, since it describes a different, old, behavior I think that
this one, 284282, must not be resolved as duplicated.
Severity: normal → blocker
Status: VERIFIED → UNCONFIRMED
Resolution: DUPLICATE → ---
(Reporter)

Updated

13 years ago
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.0.3?
(Reporter)

Updated

13 years ago
Summary: Firefox automatically downloads iframe src even executable files → Firefox silently downloads iframe src files. Even executable files !!

Comment 5

This is a dupe, do not reopen this bug a second time.  Please read
https://bugzilla.mozilla.org/etiquette.html before commenting further.

*** This bug has been marked as a duplicate of 266325 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
(Reporter)

Comment 6

13 years ago
(In reply to comment #5)
> This is a dupe, do not reopen this bug a second time.  Please read
> https://bugzilla.mozilla.org/etiquette.html before commenting further.
> 
> *** This bug has been marked as a duplicate of 266325 ***

Maybe, but I do not know if you really noticed the different behavior between
old bug, INVALID, and this one and if you have pondered it or you just marked it
again as duplicated without paying any attention.

I am sorry about bothering but surprisingly I have not had any feedback from you
from my feedback, I did, to you. So I would appreciate you to discuss things or
at least explaining your reasons and showing me you understand my comments.

Please reply to this post !!!
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.1-
Flags: blocking-aviary1.0.3?
Flags: blocking-aviary1.0.3-
(Reporter)

Comment 7

13 years ago
knock, knock !!


Thank you for "your acknowledgment" !!!

Comment 8

13 years ago
(In reply to comment #7)
> knock, knock !!
> 
> 
> Thank you for "your acknowledgment" !!!

As stated in comment 5, please read the "rules" of conduct:

"2  No obligation. 
"Open Source" is not the same as "the developers must do my bidding." The only
person who has any obligation to fix the bugs you want fixed is you. Never act
as if you expect someone to fix a bug by a particular date or release. This is
merely obnoxious, and is likely to get the bug ignored."
Status: RESOLVED → VERIFIED
(Reporter)

Comment 9

13 years ago
(In reply to comment #8)
> (In reply to comment #7)
> > knock, knock !!
> > 
> > 
> > Thank you for "your acknowledgment" !!!
> 
> As stated in comment 5, please read the "rules" of conduct:
> 
> "2  No obligation. 
> "Open Source" is not the same as "the developers must do my bidding." The only
> person who has any obligation to fix the bugs you want fixed is you. Never act
> as if you expect someone to fix a bug by a particular date or release. This is
> merely obnoxious, and is likely to get the bug ignored."
> 

First of all, I just wanted you to show me any kind of manners, instead of
ignoring me. I do not want specifically you to do something.

However this is, or is not, a bug without dependence on who is going to solve
it, even if nobody would like to work on it.

Developers must NOT do my bidding. But as a user in this project (developer in
other projects) I do not feel myself as an inferior being who should not be paid
attention to. We are on the same team, treat me as a person.

Anyway, I could not understand how this bug was ignored, comparing it with bug
279945

Comment 10

13 years ago
You ask for a response on April 1. With a weekend in between, don't start
sending reminders already on April 4. That comes across as obnoxious and will be
ignored. The same goes for reopening bugs, shouting, and exclamation marks and
talking about "inferior beings" and not "being treated as a person".

Your blocking request was something altogether different and handled by
someone else. Furthermore, I assume "you" is used transferably, as you, Juan,
never asked me, Patrick, anything.

End of non-bug related discussion.
(Reporter)

Comment 11

13 years ago
(In reply to comment #10)
> You ask for a response on April 1. With a weekend in between, don't start
> sending reminders already on April 4. 

Mike Connor took the time to change this bug resolution but not for arguing about
it, as I asked him 20 minutes later. Frank Wien never replied to my post,
2005-09-03, in bug 266325 so I was afraid it is happening again.

> That comes across as obnoxious and will be
> ignored. The same goes for reopening bugs, shouting, and exclamation marks and
> talking about "inferior beings" and not "being treated as a person".
>

I am very sorry about my improper manners but it was the only way to get your
attention for a bug I am concerned about.

> Your blocking request was something altogether different and handled by
> someone else. Furthermore, I assume "you" is used transferably, as you, Juan,
> never asked me, Patrick, anything.
> 

"YOU", bugzilla administrators

> End of non-bug related discussion.

I wanted a bug related discussion but I could not get it. Excuse me if I only got
you angry instead of talking about this bug.

Comment 12

13 years ago
for the record, none of the people who touched this bug are bugzilla
administrators, and bugzilla administrators have little to do with the everyday
management of individual bugs. now, mconnor is a firefox peer, and dveditz is a
mozilla.org driver, so they are well within their right to take the actions they
took.
Product: Firefox → Toolkit