Package: firefox Version: 1.5.dfsg+1.5.0.4-1 Severity: normal I created a new user for certain tasks. Then I started firefox (from the command line, without specifying *any* URL) to configure some settings. Without asking, firefox immediately accesses the web in at least two ways:
a) It goes to http://www.mozilla-europe.org/de/products/firefox/ as start page (why can't this be a locally provided page) and b) There is a "latest headlines" button, under which several links are listed (and which had to be retrieved from the web) No other browser I know in Debian (lynx, konqueror, chimera2, ...) access the web without requests by users. I think this is quit a privacy issue, as users should not expect that a browser without URL already starts accessing the web. If you think this is sensible, that at least provide a system wide option to turn it off (and make it off by default, maybe asking a debconf question on installation). This (new) user account is not intended for (unfiltered) web access, and I was suprised (in a bad way) that firefox violates this by default. I personally belive that Debian honors users privacy and security (by default) and therefor Debians Firefox should do the same (IMHO). Or at least a big warning should be issued. Please not that this problem is not specific to a "non-browser" user, in some countries accessing certain of the sites below "latest headlines" may already be problematic, or the user might want to configure e.g. a privacy enhaning daemon to prevent unfiltered access (e.g. to satisfy regulatory requirements). -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: powerpc (ppc) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.7-grsec-cz01 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8) Versions of packages firefox depends on: ii debianutils 2.17 Miscellaneous utilities specific t ii fontconfig 2.4.1-2 generic font configuration library ii libatk1.0-0 1.12.2-1 The ATK accessibility toolkit ii libc6 2.3.6.ds1-7 GNU C Library: Shared libraries ii libcairo2 1.2.4-1 The Cairo 2D vector graphics libra ii libfontconfig1 2.4.1-2 generic font configuration library ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib ii libgcc1 1:4.1.1-19 GCC support library ii libglib2.0-0 2.12.4-1 The GLib library of C routines ii libgtk2.0-0 2.8.20-3 The GTK+ graphical user interface ii libidl0 0.8.6-1 library for parsing CORBA IDL file ii libjpeg62 6b-13 The Independent JPEG Group's JPEG ii libpango1.0-0 1.14.7-1 Layout and rendering of internatio ii libpng12-0 1.2.8rel-5.2 PNG library - runtime ii libstdc++6 4.1.1-19 The GNU Standard C++ Library v3 ii libx11-6 2:1.0.0-8 X11 client-side library ii libxcursor1 1.1.7-4 X cursor management library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxfixes3 1:4.0.1-4 X11 miscellaneous 'fixes' extensio ii libxft2 2.1.8.2-8 FreeType-based font drawing librar ii libxi6 1:1.0.1-3 X11 Input extension library ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library ii libxp6 1:1.0.0.xsf1-1 X Printing Extension (Xprint) clie ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library ii libxrender1 1:0.9.1-3 X Rendering Extension client libra ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii psmisc 22.3-1 Utilities that use the proc filesy ii zlib1g 1:1.2.3-13 compression library - runtime firefox recommends no packages. -- no debconf information -- Dr. Helge Kreutzmann [EMAIL PROTECTED] Dipl.-Phys. http://www.helgefjell.de/debian.php 64bit GNU powered gpg signed mail preferred Help keep free software "libre": http://www.ffii.de/
signature.asc
Description: Digital signature
