Firefox and the `you have chosen to open ...' dialogue

Ian Jackson ian at davenant.greenend.org.uk
Fri Mar 3 12:46:58 GMT 2006


Martin Pitt writes ("Re: Firefox and the `you have chosen to open ...' dialogue"):
> I think that's too simple. People should also be able to expect what
> happens if they click a link, which they can't any more now. Look for
> example at

(Unfortunately the days are long gone when you could predict what
would happen if you clicked on a link.  The browser is expected to do
as the website wishes, not as the user might expect.  But that's a bit
of a side issue ...)

>   http://www.ubuntu.com/usn/usn-248-1
> 
> This was a security flaw in unzip, which was quite harmless on its
> own: you could execute arbitrary code with extraordinarily long,
> specially crafted file names. Few people who are reasonably familiar
> with computers would click on a link like this:
> 
>   http://foo.com/foAAAAAAAAAAAAAAAAAAAAAAAAAA[4000 more A]%34%85%03%01%Fo.zip

This is a specific case of the general problem that Firefox is much
too willing to preserve websites' filenames even if they are
unreasonable or misleading (eg, wrong extension, unreasonable
characters, etc.)

> The problem is that this html page could easily set a http forward or
> a small javascript snippet to point to the above URL. Clicking on html
> and suddenly get OpenOffice or file-roller opened? That's totally not
> expected, and even dangerous in the time of known, but unfixed
> vulnerabilities (e. g. we are one of the only few distros which
> actually fixed this unzip vuln, most of them considered it too
> unimportant).

Does the extra dialogue really help a non-expert user ?  Aren't they
just going to say `yes' ?  And doesn't this train the user to always
click `yes' so that the value of all confirmations is decreased ?

>  * If we really have to keep this feature (I strongly think we
>    shouldn't), [...]

I would really like to have an idea of how many people find the new
behaviour better.  This is supposed to be a usability improvement.
If in practice it confuses and annoys people then we should revert it;
if the benefits are marginal then reverting it because of these
security fears seems reasonable.

Hence my suggestion in my other mail that we should hold a poll or
some such.

Ian.
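
The filename problem raised in this message (overlong names, unreasonable characters, wrong extension), as an added example that is not part of the original mail and is not Firefox's code: a sketch of deriving a local download name instead of preserving the one the website supplies. The function names, the 64-character cap and the small type table are assumptions made for illustration.

```javascript
// Added example; all names, limits and the type table are assumptions.
const MAX_STEM = 64;                 // assumed cap on the name before the extension
const EXT_FOR_TYPE = {               // assumed, deliberately tiny mapping
  "application/zip": "zip",
  "text/html": "html",
  "application/pdf": "pdf",
};

// Percent-decode one path segment. Malformed or non-UTF-8 escapes make
// decodeURIComponent throw; in that case neutralise every escape.
function decodeSegment(seg) {
  try {
    return decodeURIComponent(seg);
  } catch (e) {
    return seg.replace(/%[0-9A-Fa-f]{0,2}/g, "_");
  }
}

function safeDownloadName(url, contentType) {
  const path = new URL(url).pathname;
  const raw = decodeSegment(path.slice(path.lastIndexOf("/") + 1));

  // Replace control bytes, path separators and other awkward characters,
  // then drop leading dots and whitespace (no hidden files).
  const name = raw
    .replace(/[\u0000-\u001f\u007f-\u009f\/\\:*?"<>|]/g, "_")
    .replace(/^[.\s]+/, "");

  // Split off the site's extension and cap the length of what remains.
  const dot = name.lastIndexOf(".");
  const stem = (dot > 0 ? name.slice(0, dot) : name).slice(0, MAX_STEM) || "download";

  // The extension follows the declared type, so the name matches the
  // handler that type selects; unknown types get a neutral extension.
  const type = (contentType || "").split(";")[0].trim().toLowerCase();
  const wanted = EXT_FOR_TYPE[type];
  return wanted === undefined ? `${stem}.bin` : `${stem}.${wanted}`;
}

// Constructed sample modelled on the URL quoted in the message.
const sampleUrl = "http://foo.com/fo" + "A".repeat(4026) + "%34%85%03%01%Fo.zip";
console.log(safeDownloadName(sampleUrl, "application/zip").length); // 68
```

The declared content type is also chosen by the website, so this only keeps the saved name short, printable and consistent with the handler that will be offered; it does not make the content trustworthy.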
