I'm going to try to summarize the problem here as I see it.

Over the last few years, Mozilla has moved in the direction of focusing
on security at the cost of some user control. Though to my knowledge no
official statement has ever been made acknowledging this, it is apparent
through their actions and the tone of some of the things they *have*
said. This is not the place to debate that decision, and I do not wish
to, but for our purposes it suffices to note that there *is* inherent
tension between those two aims. Any power the user is given to alter the
behaviour of the browser's interaction with external content risks
creating a security vulnerability. Most users do not have a strong grasp
of security theory, and rely heavily on Mozilla's experts to keep them
safe.

There is an inherent risk in having an external application
automatically process *any* kind of file. Many common programs are not
designed to handle malicious input, and some that are do a poor job at
it. *Glances towards Adobe Acrobat*. It is a sane default to ask the
user before proceeding any time there is an elevated risk of bad
behaviour. Since it appears from a quick search that a number of server
operators use `content-disposition: attachment` on user-uploaded files
to reduce the risk of XSS-type attacks, it appears we have such a case.
Thus, a credible argument can be made that Firefox *ought* to ignore the
user's choice of automatic behaviour in these instances. That other
browsers do not react this way does not constrain us. We are not
obligated to emulate their design decisions.

It has been suggested in comment 90 that people ought to do less talking
and more patch submitting, but as comment 110 noted, people are
reluctant to work on creating a patch when they are uncertain if it has
any chance of being accepted due to design choices by the development
team. I **strongly** suggest that a Mozilla staff member make an
executive decision as to whether this behaviour is in fact a bug to be
fixed, and state so in a comment, or else close this as `WONTFIX` and
say that a decision has been made to err on the side of security and not
let the end user select a default behaviour when a
`content-disposition: attachment` exists.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1065126

Title:
  "Always do this from now on" does not work

Status in Mozilla Firefox:
  Confirmed
Status in One Hundred Papercuts:
  New
Status in firefox package in Ubuntu:
  Confirmed

Bug description:
  Downloading an unknown file type in Firefox displays a dialog for choosing which application to use for opening the file.
  The dialog contains a check box labelled "Always do this action from now on".
  Checking this option does not work: When I download a file of the same type next time, the same dialog is displayed again.

  This feature has been broken for as long as I can remember (> 10 years).
  It's time it was fixed (or removed).

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: firefox 15.0.1+build1-0ubuntu0.12.04.1
  ProcVersionSignature: Ubuntu 3.2.0-31.50-generic 3.2.28
  Uname: Linux 3.2.0-31-generic x86_64

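The server-side practice the comment above refers to, sending `content-disposition: attachment` for user-uploaded files, shown as an added example that is not part of the original message or of any project it mentions. The function names and the inline allowlist are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Assumption for this example: only these passive types may render inline.
# SVG and HTML are excluded because they can carry script.
INLINE_SAFE = {"image/png", "image/jpeg", "image/gif"}


def safe_filename(name: str) -> str:
    """Drop path components and control characters from a client-supplied name."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    name = re.sub(r"[\x00-\x1f\x7f]", "", name).strip(". ")
    return name or "download"


def upload_headers(filename: str, declared_type: str) -> dict:
    """Response headers for serving a user upload from the application's origin."""
    mime = declared_type.split(";", 1)[0].strip().lower()
    inline = mime in INLINE_SAFE
    name = safe_filename(filename)
    # Plain ASCII fallback for filename=, percent-encoded UTF-8 for filename*=
    ascii_name = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    disposition = "inline" if inline else "attachment"
    return {
        # Anything not allowlisted is served as opaque bytes, never as markup.
        "Content-Type": mime if inline else "application/octet-stream",
        "Content-Disposition": (
            f'{disposition}; filename="{ascii_name}"; '
            f"filename*=UTF-8''{quote(name, safe='')}"
        ),
        # Stops the browser from sniffing the body back into HTML.
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    for fname, ctype in [("../../evil.html", "text/html; charset=utf-8"),
                         ("logo.svg", "image/svg+xml"),
                         ("photo.png", "image/png")]:
        print(fname, "->", upload_headers(fname, ctype))
```

A browser that opens such a response automatically in an external handler bypasses the prompt the server was relying on, which is the tension the comment describes.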