Closed Bug 81703 Opened 24 years ago Closed 22 years ago

Warning dialog when executing code off the network

Categories

(Core Graveyard :: File Handling, defect, P3)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Windows 98
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 91969
Milestone:
mozilla1.2alpha

People

(Reporter: vishy, Assigned: samir_bugzilla)

References

Details

When you download an exe or other executable off the network, and execute it from the helper app dialog, there needs to be a warning alert that alerts you to the possibility of malicious code, viruses etc. German, can you work with Law on the UE design for this. jatin - can you work to get the wording for this dialog. thanks, Vishy
Keywords: nsbeta1+
Target Milestone: --- → mozilla0.9.2
The design proposal Law and I talked over briefly yesterday was that we would bring up a 3 button dialog right after the file helper/download dialog has been shown and was dismissed with the intent to open a file. When the app detects that it is an executable file, it will bring up that warning, that will include: - A title: Something like Security Warning - A header text label with information about the file, like it's name where it came from etc saying "You are about to launch file xyz on your computer" - A middle text section that briefly talks about the potential security risks of doing so - A lower text section asking something like: " Are you sure you want to launch this file?" - 3 buttons saying something like: [ Cancel ][ Save Instead...] [Lauch File] Lauch file should probably not be defaulted as it can result in hazardous action. I am cc'ing the info design group for proper cleanup and language, Jatin can you or somebody in your group help finalize the wording? Thx
we really need to get this behaviour finalized and implemented early in mozilla0.9.2 so that it can be well tested.
Priority: -- → P1
Need to: 1. Code up UI (xul/js); this isn't the problem. 2. Figure out how/where to insert code to check whether that UI is necessary and display it if it is. This is harder because some of that code is in the uriloader and it doesn't have a convenient way to get to the UI stuff. That might be a little tricky.
Whiteboard: time:3days
Another one for you, Samir. This code is in the came vicinity as the helper app dialog forcing stuff you did for beta. I can advise you about how to tackle it and it might not be too hard.
Assignee: law → sgehani
Target Milestone: mozilla0.9.2 → mozilla0.9.3
nav triage -> m1.0, we would have loved to get this, but its too late now.
Target Milestone: mozilla0.9.3 → mozilla1.0
This is a very easy, low risk fix with very high reward. I think we can leave the helper app dialog aspect of it (not including the Choose... button and just making it say "Open") until next release, but I think we should try to enable Launch File for rtm. We obviously can already detect .exe's with ease, since we disable the Launch File button. Thus, all that's needed here is to throw up a simple alert. Cc'ing security people for suggested wording. I don't think we need such a feature-rich dialog as German proposes (with Save Instead..., etc.) for rtm. We just need a warning dialog with OK and Cancel buttons.
moving up to mozilla0.9.5, we may want to get this in for the next release if we can clear out the higher priority bugs.
Target Milestone: mozilla1.0 → mozilla0.9.5
Mass-moving lower-priority 0.9.5 bugs off to 0.9.6 to make way for remaining 0.9.4/eMojo bugs, and MachV planning, performance and feature work. If you disagree with any of these targets, please let me know.
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Component: XP Apps → File Handling
Moving to mozilla0.9.7.
Target Milestone: mozilla0.9.6 → mozilla0.9.7
-> mozilla0.9.9
Target Milestone: mozilla0.9.7 → mozilla0.9.9
Bill, Do we need this for Mach V? If so, please nominate. Is this a dupe?
Priority: P1 → P3
Target Milestone: mozilla0.9.9 → mozilla1.0
Nominating. This is a something some people really want. There are other bugs affecting the helper app dlg and the changes for this could be incorporated into that work and the cost would be reduced somewhat. Marketing's call, I say. There may be other bugs calling for the same feature. None of those is nsbeta1+, I don't think.
Keywords: nsbeta1
Whiteboard: time:3days
nsbeta1- per ADT triage team
Keywords: nsbeta1nsbeta1-
Target Milestone: mozilla1.0 → mozilla1.2
QA Contact: sairuh → petersen
*** Bug 106094 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of 91969 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.