*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
Binary package hint: firefox-3.0
I googled for a datasheet (search '16f688 datasheet') and clicked on the
first result to download a pdf (41203B.pdf) from the server
ww1.microchip.com.
The download window shows the file name and size, and the domain
google.com.
It SHOULD show ww1.microchip.com
I consider this a minor vulnerability, an attacker could use this,
perhaps in combination with an XSS attack, to obscure the origin of a
downloaded file.
Ubuntu 8.04 LTS and Firefox 3 Beta 5
ProblemType: Bug
Architecture: i386
Date: Wed Jun 4 19:22:55 2008
DistroRelease: Ubuntu 8.04
Package: firefox-3.0 3.0~b5+nobinonly-0ubuntu3
PackageArchitecture: i386
ProcEnviron:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: firefox-3.0
Uname: Linux 2.6.24-16-generic i686
** Affects: firefox-3.0 (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug
--
Incorrect domain name appears in Downloads Window
https://bugs.launchpad.net/bugs/237489
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
