Closed Bug 307031 Opened 19 years ago Closed 17 years ago

unknown mimetype will launch app even if FF is told to download for others with same extension

Categories

(Toolkit :: Downloads API, defect)

1.7 Branch
x86
Windows 98
defect
Not set
major


VERIFIED WORKSFORME

People

(Reporter: peter.schaefer, Unassigned)


Details

(Whiteboard: CLOSEME 07/09)

User-Agent:       Mozilla/5.0 (Windows; U; Win98; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Win98; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6

Firefox allows insufficient control; it will open a mimetype of
application/x-zip-compressed with winzip even if it is told nowhere in the
settings/downloads to do so (and I can't even add the mimetype, because FF just
allows me to edit/remove existing types).

While at first glance being a minor usability glitch, this is a major security
bug, since it allows any link on the web to launch an application, feed it data,
and exploit a vulnerability in the app WITHOUT further user interaction.

It's no excuse that it might be possible to configure the OS to act more safely,
I want FF to act safely.

Reproducible: Always

Steps to Reproduce:
1. register at ror-zone to be able to download
2. download

Actual Results:
If your system is configured like mine, it will open winzip because the data is
provided with an unknown mimetype of application/x-zip-compressed, thereby
bypassing any FF settings.

Expected Results:
I should be able to configure FF safely regardless of settings that may be
hidden somewhere in the registry, such that FF will show the download dialog,
not open the content with the application.

I tried to fix it by adding application/x-zip-compressed to some netscape
settings in the registry, but I believe these are unrelated entries.

I suppose at the root of the problem is:
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zip-compressed]
"Extension"=".zip"

I will still submit my bug report, since I can configure this nowhere in
settings/downloads.
Group: security
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 07/09
Version: unspecified → 1.0 Branch
To reproduce on my new machine, I removed the .zip entry pointing to /zip and checked that the MIME type x.zip compressed was still there.

Firefox 2.0.0.4 consistently presented me with a dialog box as wished for.

Therefore I'd close this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Resolution: FIXED → WORKSFORME
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit