
Wrong URL being tested against Allowed Sites on XPI install

RESOLVED DUPLICATE of bug 257055

Firefox
General
major
12 years ago
11 years ago

People

(Reporter: reed, Unassigned)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4

On http://www.securityfocus.com/bid/14784/solution:

Mozilla Firefox 1.0.6

    * Mozilla Patch 307259.xpi
      http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi

When I click the above FTP link, I am given a yellow info bar that says "To
protect your computer, Firefox prevented this site (www.securityfocus.com) from
installing software on your computer."

This is wrong. The link does not go to a page on www.securityfocus.com but to a
file on ftp.mozilla.org. It should check "ftp.mozilla.org" against the Allowed
Sites list and NOT www.securityfocus.com.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.securityfocus.com/bid/14784/solution
2. Click on the link to http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi under Mozilla Firefox 1.0.6 (Mozilla Patch 307259.xpi).
See incorrect URL in info bar

Actual Results:  
See incorrect URL in info bar

Expected Results:  
The download from "ftp.mozilla.org" should have been checked and let through as
it is in my Allowed Sites list.

This is a fairly major bug as it could cause people to allow the wrong sites
entry into their "Allowed Sites" list even though the site itself might not be
hosting the file.
See bug 240552 comment 38.

The whitelist is based on sites linking to the extension, not hosting it. This
is intentional.

*** This bug has been marked as a duplicate of 257055 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
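
The two policies at issue in this bug, modelled side by side as an added example (not Firefox source code, and not part of the original report). The names `ALLOWED_SITES`, `hostAllowed` and `checkInstall` are hypothetical, the whitelist contents are constructed from the report, and matching subdomains of an entry is an assumption of this sketch.

```javascript
// Added illustration, not Firefox source. Models the two candidate policies
// discussed in this bug for the "Allowed Sites" (install whitelist) check.

// Constructed whitelist matching the reporter's setup: ftp.mozilla.org is allowed.
const ALLOWED_SITES = ["ftp.mozilla.org"];

// Assumption: an entry matches its own host and any subdomain of it,
// compared on a label boundary so "xftp.mozilla.org" does not match.
function hostAllowed(host, allowed) {
  host = host.toLowerCase().replace(/\.$/, "");
  return allowed.some((entry) => {
    entry = entry.toLowerCase();
    return host === entry || host.endsWith("." + entry);
  });
}

// Returns which host each policy tests and the resulting decision.
function checkInstall(linkingPageUrl, xpiUrl, allowed = ALLOWED_SITES) {
  const linker = new URL(linkingPageUrl).hostname;
  const hoster = new URL(xpiUrl).hostname;
  return {
    // Behaviour described in the reply: test the site that links to the XPI.
    byLinkingSite: { tested: linker, allowed: hostAllowed(linker, allowed) },
    // Behaviour the reporter expected: test the site that hosts the XPI.
    byHostingSite: { tested: hoster, allowed: hostAllowed(hoster, allowed) },
  };
}

const XPI =
  "http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi";

// Case from the report: the link is clicked on a securityfocus.com page.
const reported = checkInstall(
  "http://www.securityfocus.com/bid/14784/solution", XPI);

// Same file, reached from a page on the whitelisted host itself.
const direct = checkInstall(
  "http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/", XPI);

console.log(JSON.stringify({ reported, direct }, null, 2));
```

Under the linking-site policy the host tested in the reported case is www.securityfocus.com, which is the name the info bar shows and the entry a user would end up adding to Allowed Sites.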