User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 On http://www.securityfocus.com/bid/14784/solution: Mozilla Firefox 1.0.6 * Mozilla Patch 307259.xpi http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/ 307259.xpi When I click the above FTP link, I am given a yellow info bar that says "To protect your computer, Firefox prevented this site (www.securityfocus.com) from installing software on your computer." This is wrong. The link does not go to a page on www.securityfocus.com but to a file on ftp.mozilla.org. It should check "ftp.mozilla.org" against the Allowed Sites list and NOT www.securityfocus.com. Reproducible: Always Steps to Reproduce: 1. Go to http://www.securityfocus.com/bid/14784/solution 2. Click on the link to http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/ 307259.xpi under Mozilla Firefox 1.0.6 (Mozilla Patch 307259.xpi). See incorrect URL in info bar Actual Results: See incorrect URL in info bar Expected Results: The download from "ftp.mozilla.org" should have been checked and let through as it is in my Allowed Sites list. This is a fairly major bug as it could cause people to allow the wrong sites entry into their "Allowed Sites" list even though the site itself might not be hosting the file.
See bug 240552 comment 38. The whitelist is based on sites linking to the extension, not hosting it. This is intentional. *** This bug has been marked as a duplicate of 257055 ***