Closed Bug 309972 Opened 19 years ago Closed 19 years ago

Make the hello world directory in home directory

Categories

(Firefox Build System :: General, defect)

Product:
Firefox Build System
Component:
General
Platform:
Other
FreeBSD
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: feussj83, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:needinfo] FreeBSD built from wrong source?) 

User-Agent:       Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.7.12) Gecko/20050925 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.7.12) Gecko/20050925 Firefox/1.0.7

If you create a link in gaim (perhaps other external applications as well) to
http://`mkdir ~/helloworld`/ and click on it, it creates a helloworld directory
in the home directory.  This exploit was supposed to be fixed in firefox 1.07.

Reproducible: Always

Steps to Reproduce:
1. Make an external link to http://`mkdir ~/helloworld`/
2. Click on it
3. The directory appears in your home directory

Actual Results:  
There was a helloworld directory in my home directory.

Expected Results:  
There shouldn't be a helloworld directory in my home directory.
Where did you get the 1.7.12 build?  Perhaps whoever built it built it from the
wrong source, and you should file the bug with them?
Er, sorry, the Firefox 1.0.7 build.
mozilla.org does not build or officially distribute FreeBSD builds (32 or 64
bit). We do host some contributed builds, and if one of those is being done
wrong we'd like the chance to educate or improve communication with the
contributor. But in
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.7/contrib I only see
an OS/2 build.

Where did your build come from?
Group: security
Component: Startup and Profile System → Build Config
Whiteboard: [sg:needinfo] FreeBSD built from wrong source?
The build came right from the FreeBSD ports.  It downloaded the 1.0.7. source
tarball.
You built it yourself? Does your source have these changes?
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=AVIARY_1_0_1_20050124_BRANCH&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-09-20&maxdate=2005-09-21&cvsroot=%2Fcvsroot

According to http://www.freshports.org/www/firefox/ it should have the fix.

Or did it get *our* tarball? The current one (dated Sept 21) in the firefox
1.0.7 release directory has the change, but this *was* the last thing that went
in and someone may have grabbed a too-early version.

I think this is invalid and needs to be directed towards whatever bugtracking
mechanism the FreeBSD folks use.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Component: Build Config → General
Product: Firefox → Firefox Build System
You need to log in before you can comment on or make changes to this bug.