Disable browser.download.manager.alertOnEXEOpen and set internet zone bit on all downloaded files

RESOLVED FIXED in mozilla1.9.1b2

Status: RESOLVED FIXED
Product: Toolkit
Component: Downloads API
Priority: P2
Severity: minor
Opened: 10 years ago
Updated: 4 years ago
Reporter: Lior Halphon (LIJI)
Assigned: jimm
Blocks: 1 bug
Version: Trunk
Target Milestone: mozilla1.9.1b2
Platform: x86, Windows XP
Bug Flags: blocking1.9.1 -, wanted1.9.1 +, blocking1.9 -, in-litmus ?
Attachments: 2 attachments, 2 obsolete attachments

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4

The security warning for opening exes borrowed from IE6 SP2 should be reverted to the Firefox 2 one for various reasons:

- Depends on Windows version (XP, Vista / no SP, SP1, SP2) and IE version. A browser should not depend on another one!
- Can not be disabled from the warning box itself in contrast to the Firefox 2 warning. (The check box in the IE box only disables it for one file)
- The only way to disable it is in the IE settings Dialog box! Changing settings for Firefox using the IE settings dialog box is completely ironic and not user friendly.
- People who uninstalled IE with a program such as XPLite (Like me) are not able to change the setting! Uninstalling IE is not a too rare thing among Mozilla fans.

Please reconsider the warning box or implement it in a way which is less dependent on IE.


Reproducible: Always

Er, is this a result of using IAttachmentExecute, Jim/Rob?

Yes. IAE writes some metadata in an alternate stream attached to the file. When the file is launched, the shell (explorer) will check for that alternate stream and prompt depending on its contents. This is a feature that was added in XP SP2 (along with IAE itself).

(In reply to comment #0)
> - Depends on Windows version (XP, Vista / no SP, SP1, SP2) and IE version. A
> browser should not depend on another one!

Why shouldn't a browser change its behavior depending on the OS? We are using a new feature available to us that gives better OS integration, why is this bad?

> - Can not be disabled from the warning box itself in contrast to the Firefox 2
> warning. (The check box in the IE box only disables it for one file)

Removing the alternate stream will remove the dialog box. It should be fairly easy to write an extension that does just that.

> - The only way to disable it is in the IE settings Dialog box! Changing
> settings for Firefox using the IE settings dialog box is completely ironic and
> not user friendly.

Agreed, but there's no way to disable the fx warning either. I think we should remove the fx warning however; two prompts that ask the same thing is excessive.

> - People who uninstalled IE with a program such as XPLite (Like me) are not
> able to change the setting! Uninstalling IE is not a too rare thing among
> Mozilla fans.

Uninstalling IE is not common among Firefox users or probably most users in general. You removed a key part of the OS that wasn't designed to be removed.

> 
> Please reconsider the warning box or implement it in a way which is less
> dependent on IE.
> 

No one wants to be dependent on IE, but it is installed by default on every Windows computer and is still pretty well integrated into the OS.
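
The alternate stream described in the comment above, as an added example that is not part of the original bug discussion: a small parser a responder could use to read the mark on a downloaded file. The stream name `Zone.Identifier`, its `[ZoneTransfer]`/`ZoneId` layout and the optional `HostUrl` field are the Windows convention rather than anything quoted in this bug, and the sample contents are constructed.

```python
import configparser

# URLZONE values defined by Windows; 3 is the "internet zone" discussed in this bug.
ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}

def read_mark(path):
    """Return the Zone.Identifier stream text for `path`, or None if absent.

    On NTFS the stream is addressed as "<file>:Zone.Identifier"; on other
    file systems the open() fails and None is returned.
    """
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def parse_mark(text):
    """Return (zone_id, other_fields); zone_id is None when the mark is unusable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string("\n".join(text.splitlines()))
        fields = dict(parser["ZoneTransfer"])   # option names come back lower-cased
        zone_id = int(fields.pop("zoneid"))
    except (configparser.Error, KeyError, ValueError):
        return None, {}
    return zone_id, fields

def triage(text):
    """Summarise a mark for an analyst; `text` is None when no stream exists."""
    if text is None:
        return "unmarked"   # never marked, unblocked by the user, or stream lost in transit
    zone_id, fields = parse_mark(text)
    if zone_id is None:
        return "malformed"
    origin = fields.get("hosturl", "origin not recorded")
    return f"{ZONE_NAMES.get(zone_id, 'unknown zone')} ({origin})"

# Constructed sample stream contents (not taken from the bug report).
SAMPLE_PLAIN = "[ZoneTransfer]\r\nZoneId=3\r\n"
SAMPLE_WITH_URL = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "HostUrl=https://downloads.example.test/setup.exe\r\n")
SAMPLE_NO_SECTION = "ZoneId=3\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_WITH_URL, SAMPLE_NO_SECTION, None):
        print(triage(sample))
```

An "unmarked" result only says the stream is missing; it does not show the file was created locally, since the mark is dropped by Unblock and by copies through file systems without alternate streams.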
(Assignee)

Comment 3

10 years ago
Created attachment 313124 [details]
dialogs

If the top two are the dialogs in question, the third is the properties on the exe file. Clicking unblock will erase the metadata that brings these up.

> Why shouldn't a browser change its behavior depending on the OS? We are using a
> new feature available to us that gives better OS integration, why is this bad?

(Also better security.) 

For what it's worth, I've got an open item to add a pref to disable the use of AE and fall back on IOfficeAntiVirus. This would be a hidden pref for power users only.
(Reporter)

Comment 4

10 years ago
> Why shouldn't a browser change its behavior depending on the OS?

It's not affected purely by the OS, but also by the IE version.

> We are using a new feature available to us that gives better OS integration, why is this bad?

If the feature limits the user and can't be disabled while the older version (Firefox 2 warning box) didn't, that makes it bad.

> Removing the alternate stream will remove the dialog box. It should be fairly
> easy to write an extension that does just that.

Why should we use an extension to do something that was possible to do without an extension in an older version of Firefox?

> No one wants to be dependent on IE, but it is installed by default on every
> Windows computer and is still pretty well integrated into the OS.

Older Firefox 3 betas and Firefox 2 as well were 0% dependent on IE.  Also keep in mind that Firefox and IE are rival products, which should not depend on each other.
(Assignee)

Comment 5

10 years ago
Lior -

>The only way to disable it is in the IE settings Dialog box! Changing
>settings for Firefox using the IE settings dialog box is completely ironic and
>not user friendly.

I was just looking for this in IE7's settings but couldn't find it. Which setting were you using? I think the pref I previously mentioned is what you're looking for. 
(Reporter)

Comment 6

10 years ago
I read it's under the Security Zone settings in IE, but I'm not entirely sure as I don't have IE.
I'll try it in my virtual machine that has IE installed. ( I don't trust it to have it on my real machine ;) )
(Reporter)

Comment 7

10 years ago
It seems to be under Custom Level in Security Zone settings under Misc. - Launching Applications and unsafe files.
(Assignee)

Comment 8

10 years ago
>It seems to be under Custom Level in Security Zone settings under Misc. -
>Launching Applications and unsafe files.

Check your control panel for an applet labeled "Internet Options". If that's present, you can access it there.
(Reporter)

Comment 9

10 years ago
I've mentioned it before: I uninstalled IE using XPLite, therefore I cannot access this applet although it is present in Control Panel, yet this is not the problem.
The problem is that you must access a rival browser to disable a "feature" in Firefox and that the way of disabling is very not obvious and not user friendly in contrast to the 1-click way of Firefox 2 and it should be changed.

The control panel is not a rival application.
(Reporter)

Comment 11

10 years ago
Internet Explorer is. It is required to enter its settings dialog to disable the feature.

Sure, according to your hack to remove it it is required.  IE is an integral part of the Windows operating system, which is why MS doesn't support the removing of it.  We can't help you if you hack your system to the point where it is not supported by the manufacturer.
(Reporter)

Comment 13

10 years ago
It's required even if IE is installed natively.
However since I don't have IE I can't remove it at ALL, but my specific problem is NOT the one that matters!
Quoting a previous message I posted:
> The problem is that you must access a rival browser to disable a "feature" in
> Firefox and that the way of disabling is very not obvious and not user friendly
> in contrast to the 1-click way of Firefox 2 and it should be changed.
Please ignore the fact that I've uninstalled IE in this bug report as it is irrelevant.

(In reply to comment #13)
> Please ignore the fact that I've uninstalled IE in this bug report as it is
> irrelevant.
Ok, ignoring that you don't have IE, then here's how I see the situation. When you try to run a downloaded exe, you get a non-fx prompt asking if you really want to run it. Your complaint is that this dialog cannot be disabled from within Firefox, right?

This prompt is not being put up by Firefox; it's actually put up by Explorer (the shell, not the browser), which is a part of the OS. Thus, it is not Firefox's feature (the dialog popup is actually a side effect of another feature), but Firefox is triggering the OS feature. Thus, you should look to the OS for a setting to disable it; this setting lives in the Internet Options applet in the Control panel. Now then, if the software you use removes this from when it removes IE, then I would call that a bug in their software. There are many settings in Windows that are considered IE only even though they should not be considered such, as this one is.

OK, so this is pretty bad UE that is pretty easily fixed.  We need to set browser.download.manager.alertOnEXEOpen to false when we are using IAE.

Jim, think you could take this?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking-firefox3?
Priority: -- → P3
Summary: Security Warning for EXEs should be rethought → Set browser.download.manager.alertOnEXEOpen to false when IAE is being used
Target Milestone: --- → Firefox 3
(Assignee)

Comment 16

10 years ago
Sure. What's everybody's feeling on a new mozilla pref that disables the use of AE as well?
Assignee: nobody → jmathies
(In reply to comment #16)
> Sure. What's everybody's feeling on a new mozilla pref that disables the use of
> AE as well?
Let's bring that up in a new bug with the reasons for and against please.
(Assignee)

Comment 18

10 years ago
> Let's bring that up in a new bug with the reasons for and against please.

Well, the reason I asked is that I'm thinking it's pointless with this so I wasn't going to post it. :)

Should we worry about situations where we set this value to false in the scanner when AE is present, and then the user for some reason sets it back to true?

I would say just set it to false every time we init IAE.  We know that Windows will display a dialog (unless someone has disabled it, but that means they, in theory, know what they are doing).  I also suspect that most people set that pref to false (would be a good thing to ask the metrics collector folks!) the first time they see the dialog.
(Assignee)

Comment 20

10 years ago
Created attachment 313412 [details] [diff] [review]
prompt patch v.1
Attachment #313412 - Flags: review?(sdwilsh)
(Assignee)

Comment 21

10 years ago
There's an interesting side bug related to this. If you cancel the windows security dialog, the protocol dialog will come up with "file" as the default handler. It's unrelated to this patch - probably something we should split out once this lands.
Comment on attachment 313412 [details] [diff] [review]
prompt patch v.1

r=sdwilsh
Attachment #313412 - Flags: review?(tellrob)
Attachment #313412 - Flags: review?(sdwilsh)
Attachment #313412 - Flags: review+
Comment on attachment 313412 [details] [diff] [review]
prompt patch v.1

I think we should call CheckPolicy to see if the prompt will appear before setting the pref.
This will not block the final release of Firefox 3. Any patch will need unit tests in order to be approved.
Flags: blocking-firefox3? → blocking-firefox3-
(Reporter)

Comment 25

10 years ago
I've recently downloaded an MP3 file and saw this dialog again.
Not only it wasn't very informative, (It said: It's an MP3 file... Publisher: Unknown) it appeared for a file which is completely safe for use!
Just letting you know. :)
Comment on attachment 313412 [details] [diff] [review]
prompt patch v.1

I think rob minused this with his comment - jimm can you address it please?
Attachment #313412 - Flags: review?(tellrob)
(Assignee)

Comment 27

10 years ago
> I've recently downloaded an MP3 file and saw this dialog again.
> Not only it wasn't very informative, (It said: It's an MP3 file... Publisher:
> Unknown) it appeared for a file which is completely safe for use!
> Just letting you know. :)

That's odd, I tried that here and the mp3 gets dropped right into my mp3 player without prompt. Any ideas why your system is treating these differently, Lior?
(Assignee)

Comment 28

10 years ago
> I think rob minused this with his comment - jimm can you address it please?

I need to look at check policy to see if this will work. In general though I'm thinking this change will land in 3.1 at this point.
(Reporter)

Comment 29

10 years ago
The only reason I can think of is that I uninstalled IE, but it doesn't seem to be the reason. (I had similar problems with Virtual Machines with XP and IE installed, and as it was told before that feature is not tied to IE)
I also had the warning with a Midi file (How unsafe can THAT be? ;)), but it doesn't happen with all MIDI and MP3 files, it's quite rare but it happens.
I still think this feature is causing too much trouble against too little helpfulness.
(Assignee)

Updated

10 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 30

10 years ago
Created attachment 324356 [details] [diff] [review]
prompt patch v.2

Updated based on comments, also added the option that if the user has specifically set the flag, this won't override it.
Attachment #313412 - Attachment is obsolete: true
Attachment #324356 - Flags: review?(tellrob)
(Assignee)

Updated

10 years ago
Flags: blocking-firefox3.1?
Target Milestone: Firefox 3 → Firefox 3.1

Updated

10 years ago
Flags: wanted1.9.0.x?
Comment on attachment 324356 [details] [diff] [review]
prompt patch v.2

Looks good
Attachment #324356 - Flags: review?(tellrob) → review+
we want this.

Jim, can you write up a litmus style testcase?  Pretty sure we can't automate something to test against specific Windows settings at the current time.  Not sure if it's worth adding something like that to the test harness.
Flags: wanted-firefox3.1+
Flags: blocking-firefox3.1?
Flags: blocking-firefox3.1-
Priority: P3 → P2
(Assignee)

Updated

9 years ago
Blocks: 443215
Product: Firefox → Toolkit
Flags: wanted1.9.0.x?
Flags: wanted1.9.0.x+
Flags: in-litmus?
Whiteboard: [needs testcase / trunk landing]
(Assignee)

Updated

9 years ago
Depends on: 445158
(Assignee)

Updated

9 years ago
Summary: Set browser.download.manager.alertOnEXEOpen to false when IAE is being used → Disable browser.download.manager.alertOnEXEOpen and set internet zone bit on all downloaded files
(Assignee)

Comment 33

9 years ago
We can solve this in a cleaner way, we can set the internet zone bit on all files even when IAE is not used, which will enable the default windows prompting. Then we can eliminate our custom prompt.
(Assignee)

Comment 34

9 years ago
(In reply to comment #33)
> We can solve this in a cleaner way, we can set the internet zone bit on all
> files even when IAE is not used, which will enable the default windows
> prompting. Then we can eliminate our custom prompt.

(alertOnExeOpen would then control the setting of the bit and the windows prompt, rather than our custom prompt.)
(Assignee)

Comment 35

9 years ago
Created attachment 344208 [details] [diff] [review]
prompt patch v.3
[Checkin: Comment 42]

I think this is a better approach. Keep the alert option and use it to control the security data added to the file. The one problem I ran into is the lack of a way to detect the difference between xp and xpsp2 in script, so this will work as such - 

vista:
- our prompt is never displayed, alertOnEXEOpen controls whether or not the os prompts.

xpsp2:
- both our prompt and windows prompts will display if alertOnEXEOpen is set.
- neither will be displayed if alertOnEXEOpen is not set.

xp:
- our prompt is displayed based on alertOnEXEOpen.
Attachment #324356 - Attachment is obsolete: true
Attachment #344208 - Flags: review?(sdwilsh)
Can't we check for the security data on the file before invoking it? That seems like the best solution to me.
(Reporter)

Comment 37

9 years ago
Well, that's what I meant in the first place, however you didn't seem to understand. ;)
Good to know this problem is finally getting fixed! :)
(Assignee)

Comment 38

9 years ago
(In reply to comment #36)
> Can't we check for the security data on the file before invoking it? That seems
> like the best solution to me.

That doesn't give you any assurance that you're on a system that prompts. For example, you could receive a file with the fork on it from another computer. Plus, the call to invoke originates in the downloads.js file, so I'm not sure. I wonder if nsIFile would be able to handle a resource fork path.

If we had finer grained info on the version of the os in script, we could smooth this out a bit, but I wasn't able to find anything besides system-info, which doesn't provide it.

Just because we don't have that exposed yet doesn't mean we can't expose it to script if it's useful... :)

Updated

9 years ago
Attachment #344208 - Flags: review?(sdwilsh) → review+
Comment on attachment 344208 [details] [diff] [review]
prompt patch v.3
[Checkin: Comment 42]

r=sdwilsh
(Assignee)

Comment 41

9 years ago
(In reply to comment #39)
> Just because we don't have that exposed yet doesn't mean we can't expose it to
> script if it's useful... :)

I thought about that, but, two points that made me think it's not needed - one, it would only be useful in strange corner cases like this related to security differences, and two, in time no one will care as xp gets phased out. 

We might have a need for minor version info down the road, but I didn't think it was needed simply for this. The xpsp2 functionality this results in is identical to the way Fx3 works now on xpsp2 and Vista. I haven't heard a lot of complaints about that behavior.
Whiteboard: [needs testcase / trunk landing]
(Assignee)

Updated

9 years ago
Keywords: checkin-needed
(Assignee)

Updated

9 years ago
Version: unspecified → Trunk
Comment on attachment 344208 [details] [diff] [review]
prompt patch v.3
[Checkin: Comment 42]

http://hg.mozilla.org/mozilla-central/rev/945ee52fc955
Attachment #344208 - Attachment description: prompt patch v.3 → prompt patch v.3 [Checkin: Comment 42]
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: mozilla1.9.1 → mozilla1.9.1b2
Flags: wanted1.9.0.x+

Comment 43

8 years ago
I'm not sure how we went from "Let's revert this unwanted feature change to the older behavior" to "Let's make it worse", but that appears to be what happened. Putting zone identifier information in every file is a terrible idea and it is now one of the major (yet under-voted) bugs in Firefox 3.5.

https://bugzilla.mozilla.org/show_bug.cgi?id=499448

The workaround to turn off alertOnEXEOpen seems like a bad option. Either this issue should be reopened or the other one should be fixed.

Updated

6 years ago
Depends on: 760889

Updated

6 years ago
No longer depends on: 760889

Updated

4 years ago
Depends on: 916126
Depends on: 952961