Closed
Bug 81703
Opened 24 years ago
Closed 22 years ago
Warning dialog when executing code off the network
Categories
(Core Graveyard :: File Handling, defect, P3)
Tracking
(Not tracked)
mozilla1.2alpha
People
(Reporter: vishy, Assigned: samir_bugzilla)
References
Details
When you download an exe or other executable off the network, and execute it from the helper app dialog, there needs to be a warning alert that alerts you to the possibility of malicious code, viruses etc. German, can you work with Law on the UE design for this. jatin - can you work to get the wording for this dialog. thanks, Vishy
The design proposal Law and I talked over briefly yesterday was that we would bring up a 3 button dialog right after the file helper/download dialog has been shown and was dismissed with the intent to open a file. When the app detects that it is an executable file, it will bring up that warning, that will include: - A title: Something like Security Warning - A header text label with information about the file, like it's name where it came from etc saying "You are about to launch file xyz on your computer" - A middle text section that briefly talks about the potential security risks of doing so - A lower text section asking something like: " Are you sure you want to launch this file?" - 3 buttons saying something like: [ Cancel ][ Save Instead...] [Lauch File] Lauch file should probably not be defaulted as it can result in hazardous action. I am cc'ing the info design group for proper cleanup and language, Jatin can you or somebody in your group help finalize the wording? Thx
|
Reporter | |
Comment 2•24 years ago
|
||
we really need to get this behaviour finalized and implemented early in mozilla0.9.2 so that it can be well tested.
Priority: -- → P1
Need to: 1. Code up UI (xul/js); this isn't the problem. 2. Figure out how/where to insert code to check whether that UI is necessary and display it if it is. This is harder because some of that code is in the uriloader and it doesn't have a convenient way to get to the UI stuff. That might be a little tricky.
Whiteboard: time:3days
Another one for you, Samir. This code is in the came vicinity as the helper app dialog forcing stuff you did for beta. I can advise you about how to tackle it and it might not be too hard.
Assignee: law → sgehani
Target Milestone: mozilla0.9.2 → mozilla0.9.3
|
|
Reporter | |
Comment 5•23 years ago
|
||
nav triage -> m1.0, we would have loved to get this, but its too late now.
Target Milestone: mozilla0.9.3 → mozilla1.0
|
||
Comment 6•23 years ago
|
||
This is a very easy, low risk fix with very high reward. I think we can leave the helper app dialog aspect of it (not including the Choose... button and just making it say "Open") until next release, but I think we should try to enable Launch File for rtm. We obviously can already detect .exe's with ease, since we disable the Launch File button. Thus, all that's needed here is to throw up a simple alert. Cc'ing security people for suggested wording. I don't think we need such a feature-rich dialog as German proposes (with Save Instead..., etc.) for rtm. We just need a warning dialog with OK and Cancel buttons.
|
|
Reporter | |
Comment 7•23 years ago
|
||
moving up to mozilla0.9.5, we may want to get this in for the next release if we can clear out the higher priority bugs.
Target Milestone: mozilla1.0 → mozilla0.9.5
|
||
Comment 8•23 years ago
|
||
Mass-moving lower-priority 0.9.5 bugs off to 0.9.6 to make way for remaining 0.9.4/eMojo bugs, and MachV planning, performance and feature work. If you disagree with any of these targets, please let me know.
Target Milestone: mozilla0.9.5 → mozilla0.9.6
|
||
Updated•23 years ago
|
Component: XP Apps → File Handling
|
Assignee | |
Comment 9•23 years ago
|
||
Moving to mozilla0.9.7.
Target Milestone: mozilla0.9.6 → mozilla0.9.7
|
|
Assignee | |
Comment 11•23 years ago
|
||
Bill, Do we need this for Mach V? If so, please nominate. Is this a dupe?
Priority: P1 → P3
Target Milestone: mozilla0.9.9 → mozilla1.0
|
||
Comment 12•23 years ago
|
||
Nominating. This is a something some people really want. There are other bugs affecting the helper app dlg and the changes for this could be incorporated into that work and the cost would be reduced somewhat. Marketing's call, I say. There may be other bugs calling for the same feature. None of those is nsbeta1+, I don't think.
Keywords: nsbeta1
Whiteboard: time:3days
|
|
||
Comment 13•23 years ago
|
||
nsbeta1- per ADT triage team
|
|
||
Updated•22 years ago
|
QA Contact: sairuh → petersen
|
||
Comment 14•22 years ago
|
||
*** Bug 106094 has been marked as a duplicate of this bug. ***
|
|
||
Comment 15•22 years ago
|
||
*** This bug has been marked as a duplicate of 91969 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
|
||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•