Bug#752278: iceweasel shouldn't advertise for external programs
Christoph Anton Mitterer
calestyo at scientia.net
Sun Jun 22 03:30:01 UTC 2014
Package: iceweasel
Version: 30.0-2
Severity: normal
Tags: security
Hi.
Apparently there are cases where Iceweasel automatically
suggests users an external program or plugin, like when
you click an URI:
irc://irc.freenode.net:6667/btrfs
it suggests Mibbit.
I think this is really a bad idea, especially security wise, as
the user may click on this perhaps already downloading/starting
something as local user (I didn't try it out, since it didn't tell
me what will happen).
If at all, iceweasel should rather suggest any packages in the
Debian main archive, which are capable of handling the requrested
file type / URI schema are whatever.
Cheers,
Chris.
More information about the pkg-mozilla-maintainers
mailing list