Closed Bug 815102 Opened 12 years ago Closed 11 years ago

Firefox can't find the file at http://h2vx.com/vcf/tantek.com/%23contact

Categories

(Firefox :: General, defect)

16 Branch
x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: tantek, Unassigned)

References

()

Details

This used to work and stopped working in Firefox at some point.

If you try to navigate to:

http://h2vx.com/vcf/tantek.com/#contact

Firefox displays:

"
File not found        
        
Firefox can't find the file at http://h2vx.com/vcf/tantek.com/#contact.
        
Check the file name for capitalization or other typing errors.
Check to see if the file was moved, renamed or deleted.
"

This makes no sense for a couple of reasons:

1. "File not found" is nonsensical for an *http* request. Bad error message at best, mishandling of "http" URLs at worst, which means a possible security problem, so I'm checking the security box accordingly.

2. That URL works fine in both Safari and Opera. And used to work in Firefox.

I've tried clearing my cache, cookies, and disabling all add-ons to no avail.

Since this used to work, it's quite an annoying regression.

Expected behavior: you get a download dialog for a .vcf.
Summary: Firefox can't find the file at http://h2vx.com/vcf/tantek.com/#contact → Firefox can't find the file at http://h2vx.com/vcf/tantek.com/%23contact
why is this security sensitive?
(In reply to Olli Pettay [:smaug] from comment #1)
> why is this security sensitive?

It's not, and I get the same error in Chrome. There may be an issue here but it's not security sensitive.
Group: core-security
The file is URL wfm with 
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20.0 Firefox/20.0 SeaMonkey/2.17a1
and with a 12h old self compiled Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20.0 Firefox/20.0
(In reply to Curtis Koenig [:curtisk] from comment #2)
> (In reply to Olli Pettay [:smaug] from comment #1)
> > why is this security sensitive?
> 
> It's not,

Because an error message like "*File* not found" in response to an *http* access made me suspect there may be an unintentional code path here where an http:// request is mistreated as a file:/// request which seems like a potential security hole to me.


> and I get the same error in Chrome.

Odd, wonder why they get an error and Safari doesn't. Perhaps I'll mention it to someone on Chrome team and see what they think of the problem.
Chrome and Safari have different networking backenda, AFAIK, so they have different behavior.
FWIW I just tried this on FF17 and it works as expected there. Feel free to (de)prioritize accordingly. Thanks.
The output of the server in case of the error would be useful.
http://web-sniffer.net/ is handy for that
WFM on Latest Nightly and FF 19b3 on Mac OS 10.8.2. It could had been fixed by another bug's patch as long as Open Dialog appears automatically while navigating to:

http://h2vx.com/vcf/tantek.com/#contact

and 

http://h2vx.com/vcf/tantek.com/%23contact
Can anyone still reproduce this issue? The bug should be closed per comments 6 and 8.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.