https://bugs.kde.org/show_bug.cgi?id=457949
[email protected] changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|RESOLVED |REOPENED Resolution|DOWNSTREAM |--- --- Comment #12 from [email protected] --- After some testing with https://cleverpush.com/en/test-notifications/ and without firejail sandboxing the problem has been identified: The firejail profile for firefox (~/.config/firejail/firefox.local) needs to contain this line to have the notifications use KDE notifications and thereby get hidden when "Do not disturb" is enabled (this is a security and privacy issue!): >dbus-user.talk org.freedesktop.Notifications However, assuming that the user somehow learns about this (which is unrealistic), it presents a substantial security vulnerability. Do you know what could be done to make the sandboxed firefox notifications use the system notifications without granting these dbus notifications permissions? For example a specific change at DBUS, a link to an open issue at DBUS about this problem, using another system notifications service, using other notifications if the dbus ones don't work, or something else? -- You are receiving this mail because: You are watching all bug changes.
