Closed Bug 81703 Opened 24 years ago Closed 22 years ago

Warning dialog when executing code off the network


(Core Graveyard :: File Handling, defect, P3)

Windows 98


(Not tracked)



(Reporter: vishy, Assigned: samir_bugzilla)



When you download an exe or other executable off the network, and execute it 
from the helper app dialog, there needs to be a warning alert that alerts you to 
the possibility of malicious code, viruses etc. 

German, can you work with Law on the UE design for this. 
jatin - can you work to get the wording for this dialog. 

thanks, Vishy
Keywords: nsbeta1+
Target Milestone: --- → mozilla0.9.2
The design proposal Law and I talked over briefly yesterday was that we would 
bring up a 3 button dialog right after the file helper/download dialog has been 
shown and was dismissed with the intent to open a file. When the app detects 
that it is an executable file, it will bring up that warning, that will include:
- A title: Something like Security Warning
- A header text label with information about the file, like it's name where it 
came from etc saying "You are about to launch file xyz on your computer"
- A middle text section that briefly talks about the potential security risks 
of doing so
- A lower text section asking something like: " Are you sure you want to launch 
this file?"
- 3 buttons saying something like:
[ Cancel ][ Save Instead...] [Lauch File]
Lauch file should probably not be defaulted as it can result in hazardous 
I am cc'ing the info design group for proper cleanup and language, Jatin can 
you or somebody in your group help finalize the wording? Thx
we really need to get this behaviour finalized and implemented early in 
mozilla0.9.2 so that it can be well tested.  
Priority: -- → P1
Need to:

1. Code up UI (xul/js); this isn't the problem.
2. Figure out how/where to insert code to check whether that UI is necessary 
and display it if it is.  This is harder because some of that code is in the 
uriloader and it doesn't have a convenient way to get to the UI stuff.  That 
might be a little tricky.
Whiteboard: time:3days
Another one for you, Samir.  This code is in the came vicinity as the helper 
app dialog forcing stuff you did for beta.  I can advise you about how to 
tackle it and it might not be too hard.
Assignee: law → sgehani
Target Milestone: mozilla0.9.2 → mozilla0.9.3
nav triage -> m1.0, we would have loved to get this, but its too late now. 
Target Milestone: mozilla0.9.3 → mozilla1.0
This is a very easy, low risk fix with very high reward.  I think we can leave 
the helper app dialog aspect of it (not including the Choose... button and just 
making it say "Open") until next release, but I think we should try to enable  
Launch File for rtm.

We obviously can already detect .exe's with ease, since we disable the Launch 
File button.  Thus, all that's needed here is to throw up a simple alert.  
Cc'ing security people for suggested wording.  I don't think we need such a 
feature-rich dialog as German proposes (with Save Instead..., etc.) for rtm.  We 
just need a warning dialog with OK and Cancel buttons.

moving up to mozilla0.9.5, we may want to get this in for the next release if we 
can clear out the higher priority bugs. 
Target Milestone: mozilla1.0 → mozilla0.9.5
Mass-moving lower-priority 0.9.5 bugs off to 0.9.6 to make way for remaining
0.9.4/eMojo bugs, and MachV planning, performance and feature work. If you
disagree with any of these targets, please let me know.
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Component: XP Apps → File Handling
Moving to mozilla0.9.7.
Target Milestone: mozilla0.9.6 → mozilla0.9.7
-> mozilla0.9.9
Target Milestone: mozilla0.9.7 → mozilla0.9.9
Do we need this for Mach V?  If so, please nominate.  Is this a dupe?
Priority: P1 → P3
Target Milestone: mozilla0.9.9 → mozilla1.0
Nominating.  This is a something some people really want.  There are other bugs
affecting the helper app dlg and the changes for this could be incorporated into
that work and the cost would be reduced somewhat.  Marketing's call, I say.

There may be other bugs calling for the same feature.  None of those is
nsbeta1+, I don't think.
Keywords: nsbeta1
Whiteboard: time:3days
nsbeta1- per ADT triage team
Keywords: nsbeta1nsbeta1-
Target Milestone: mozilla1.0 → mozilla1.2
QA Contact: sairuh → petersen
*** Bug 106094 has been marked as a duplicate of this bug. ***

*** This bug has been marked as a duplicate of 91969 ***
Closed: 22 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.