Closed Bug 773105 Opened 9 years ago Closed 9 years ago

C:\program.exe is always invoked instead of helper.exe

Categories

(Firefox :: Shell Integration, defect)

13 Branch
x86
Windows 7
defect
Not set
normal

Tracking

()

VERIFIED FIXED
Firefox 16
Tracking Status
firefox14 --- wontfix
firefox15 + verified
firefox16 + verified
firefox-esr10 15+ verified

People

(Reporter: bbondy, Assigned: bbondy)

References

Details

(Keywords: sec-moderate, Whiteboard: [advisory-tracking-])

Attachments

(1 file)

Steps to reproduce:

1. Put program named of the "program.exe" in "C:\".
2a. Startup Firefox for the first time
or 2b. Set default browser
3. But "program.exe" in "C:\" is run.


Actual results:

The program named of "program.exe" in ":C\" is run.


Expected results:

helper.exe should run.
No though similar... this has to do with the way the shell integration code launches programs.
Attached patch Patch v1.Splinter Review
Attachment #641305 - Flags: review?(robert.bugzilla)
Attachment #641305 - Flags: review?(robert.bugzilla) → review+
Adding Frank and Jens to CC, Jens as a SeaMonkey person who has been trying to keep on top of security related issues. Frank as the SeaMonkey person owning the Win Shell Service.
(In reply to Justin Wood (:Callek) from comment #5)
> Adding Frank and Jens to CC, Jens as a SeaMonkey person who has been trying
> to keep on top of security related issues. Frank as the SeaMonkey person
> owning the Win Shell Service.
Also check out bug 770478.
https://hg.mozilla.org/mozilla-central/rev/367729a91a97
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
I filed Bug 773990 for updating SeaMonkey. Can someone add me to the CC list for Bug 770478 if this is something that affects SeaMonkey installer/shell service?
(In reply to Frank Wein [:mcsmurf] from comment #8)
> I filed Bug 773990 for updating SeaMonkey. Can someone add me to the CC list
> for Bug 770478 if this is something that affects SeaMonkey installer/shell
> service?
Done
Whiteboard: [qa+]
Drivers, do you want this on other branches?
Yes, please nominate for branches, including ESR - I'll be approving bug 770478 now.
Comment on attachment 641305 [details] [diff] [review]
Patch v1.

[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: It is a sec-moderate. Nominating based on Comment 11.
User impact if declined: When a user sets default browser, an application c:\program.exe will be executed if it exists, and default browser will not be set.
Fix Landed on Version: m-c v16 (which is now Aurora)
Risk to taking this patch (and alternatives if risky): Low risk.
String or UUID changes made by this patch: None.

See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Attachment #641305 - Flags: approval-mozilla-esr10?
Attachment #641305 - Flags: approval-mozilla-beta?
Comment on attachment 641305 [details] [diff] [review]
Patch v1.

[Triage Comment]
Low risk, sg:moderate fix. Let's land in time for tomorrow's beta build. Thanks!
Attachment #641305 - Flags: approval-mozilla-esr10?
Attachment #641305 - Flags: approval-mozilla-esr10+
Attachment #641305 - Flags: approval-mozilla-beta?
Attachment #641305 - Flags: approval-mozilla-beta+
Noted in public advisory for bug 770478.
Whiteboard: [qa+] → [qa+][advisory-tracking-]
Does this need a test in-testsuite? If not, does it need a manual test?
I think a manual test, the steps are in Comment 0.
Keywords: verifyme
Whiteboard: [qa+][advisory-tracking-] → [advisory-tracking-]
Confirmed reproducible with Firefox 13.0.1.

Verified fixed with:
 * 2012-08-24 Firefox 17.0a1
 * 2012-08-24 Firefox 16.0a2
 * 2012-08-24 Firefox 10.0.7esrpre
 * Firefox 15.0b6
Status: RESOLVED → VERIFIED
Keywords: verifyme
QA Contact: anthony.s.hughes
Group: core-security
You need to log in before you can comment on or make changes to this bug.