Closed Bug 291627 Opened 20 years ago Closed 20 years ago

download manager displays wrong filename when downloading data: url

Categories

(Toolkit :: Downloads API, defect)

x86
Windows XP
defect
Not set
major

RESOLVED DUPLICATE of bug 291064

People

(Reporter: pvnick, Assigned: dveditz)

Details

(Keywords: regression, Whiteboard: [sg:fix])

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.40607)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

When a specially crafted data: url is navigated to, the download manager asks the user if he/she wants to open or save the file. However, it displays the location of the file, not the actual filename.

Reproducible: Always

Steps to Reproduce:
1. Navigate to the address data:application/hta;ISO-8859-1,<script>alert (location.href)</script>
2. Choose "Save"
3. Open the file

Actual Results:
mshta.exe opens a file containing <script>alert(location.href)</script>

Expected Results:
display the filename of the target file, not the address

This could be performed by gullible/ignorant web users to unknowingly compromise their system.

This is dependent on bugs 290829, 291064 -- those bugs fix dialog breakage for nsSimpleURL types such as data:

The exception thrown in initIntro() aborts the setup code before it does the isExecutable checks, among other things.
Assignee: bugs → dveditz
Status: UNCONFIRMED → NEW
Depends on: 290829, 291064
Ever confirmed: true
Flags: blocking-aviary1.1+
Flags: blocking-aviary1.0.4?
Keywords: regression
Whiteboard: [sg:fix]
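
The failure mode described in the comment above (a display step that throws and thereby skips the executable check), shown next to a fail-closed ordering. This is an added example, not Mozilla's dialog code: `makeUri`, `looksExecutable`, `initDialogFragile`, `initDialogHardened`, the extension list and the sample URLs are all constructed for illustration, and the throwing `host` getter is an assumption modelled on that comment.

```javascript
// Constructed model of the failure mode; not Mozilla's dialog code.
// Assumption: asking a non-hierarchical URI (data:) for its host throws.
function makeUri(spec) {
  const scheme = spec.slice(0, spec.indexOf(":"));
  const hierarchical = ["http", "https", "ftp"].includes(scheme);
  return {
    spec,
    get host() {
      if (!hierarchical) throw new Error("no host for scheme " + scheme);
      return new URL(spec).host;
    },
  };
}

// Hypothetical stand-in for the real executable check.
const EXECUTABLE_EXTS = [".exe", ".hta", ".bat", ".com"];
function looksExecutable(name) {
  return EXECUTABLE_EXTS.some((ext) => name.toLowerCase().endsWith(ext));
}

// Fragile ordering: display code runs first; if it throws, the rest of
// setup (including the executable check) never runs, yet a dialog exists.
function initDialogFragile(uri, filename) {
  const dlg = { intro: uri.spec, warnExecutable: false, checked: false };
  try {
    dlg.intro = filename + " from " + uri.host; // throws for data:
    dlg.warnExecutable = looksExecutable(filename);
    dlg.checked = true;
  } catch (e) {
    // models the abort: setup stops here, defaults stay in place
  }
  return dlg;
}

// Hardened ordering: the security decision is made before any fallible
// display code, and the display code degrades instead of aborting.
function initDialogHardened(uri, filename) {
  const dlg = { intro: null, warnExecutable: looksExecutable(filename), checked: true };
  try {
    dlg.intro = filename + " from " + uri.host;
  } catch (e) {
    dlg.intro = filename + " from (unknown source)";
  }
  return dlg;
}

// Constructed sample inputs.
const dataUri = makeUri("data:application/hta,sample");
const httpUri = makeUri("http://downloads.example/tool.hta");
```
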

testcase URL is missing, might as well dupe to the fix

*** This bug has been marked as a duplicate of 291064 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Flags: blocking-aviary1.0.5?
Resolution: --- → DUPLICATE
Group: security
Product: Firefox → Toolkit