Package: iceweasel Version: 38.8.0esr-1~deb8u1 Severity: important Dear Maintainer,
I recently installed Debian.. In iceweasel the default Download location (Save files to) was /root/Downloads. I downloaded a pdf-file and opened it with iceweasel (open contianing folder). Thunar was opened. There I could click on "open terminal here" and got root permission without entering the root passwort. Now I changed the download location and everything is fine. I can't choose the /root/Downloads folder as location anymore. But but this seems to be a serious security problem. -- Package-specific info: -- Extensions information Name: Default theme Location: /usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd} Package: iceweasel Status: enabled -- Plugins information -- Addons package information ii iceweasel 38.8.0esr-1~ amd64 Web browser based on Firefox -- System Information: Debian Release: 8.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages iceweasel depends on: ii debianutils 4.4+b1 ii fontconfig 2.11.0-6.3 ii libasound2 1.0.28-1 ii libatk1.0-0 2.14.0-1 ii libc6 2.19-18+deb8u4 ii libcairo2 1.14.0-2.1+deb8u1 ii libdbus-1-3 1.8.20-0+deb8u1 ii libdbus-glib-1-2 0.102-1 ii libevent-2.0-5 2.0.21-stable-2 ii libffi6 3.1-2+b2 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-3+deb8u1 ii libgcc1 1:4.9.2-10 ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u4 ii libglib2.0-0 2.42.1-1+b1 ii libgtk2.0-0 2.24.25-3+deb8u1 ii libhunspell-1.3-0 1.3.3-3 ii libpango-1.0-0 1.36.8-3 ii libsqlite3-0 3.8.7.1-1+deb8u1 ii libstartup-notification0 0.12-4 ii libstdc++6 4.9.2-10 ii libx11-6 2:1.6.2-3 ii libxcomposite1 1:0.4.4-1 ii libxdamage1 1:1.1.4-2+b1 ii libxext6 2:1.3.3-1 ii libxfixes3 1:5.0.1-2+b2 ii libxrender1 1:0.9.8-1+b1 ii libxt6 1:1.1.4-1+b1 ii procps 2:3.3.9-9 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages iceweasel recommends: ii gstreamer1.0-libav 1.4.4-2 ii gstreamer1.0-plugins-good 1.4.4-2 Versions of packages iceweasel suggests: pn fonts-mathjax <none> pn fonts-oflb-asana-math <none> pn fonts-stix | otf-stix <none> ii libcanberra0 0.30-2.1 pn libgnomeui-0 <none> ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2 pn mozplugger <none> -- no debconf information