No warning displayed when downloading malicious files using drag and drop
Categories
(Firefox :: Downloads Panel, defect, P3)
Tracking
()
People
(Reporter: atrif, Unassigned)
References
()
Details
Attachments
(1 file)
436.05 KB,
video/x-matroska
|
Details |
Affected versions
- 75.0a1 (20200302212732)
- 74.0 (20200302184608)
- 73.0.1 (20200217142647)
Affected platforms
- Ubuntu 18.04
- Windows 10x64
- macOS 10.15
Steps to reproduce
- Open Firefox with a new profile and go to https://testsafebrowsing.appspot.com/.
- Download a random file from “Desktop Download Warnings” (e.g 3).
- Drag and drop a random link from “Desktop Download Warnings” to the download arrow.
- Observe the download panel.
Expected result
- Both downloads have a warning displayed.
Actual result
- The downloaded file via drag and drop has no warning.
Regression Range
- I will search for one ASAP.
Notes
- Attached a screen recording.
Reporter | ||
Updated•4 years ago
|
Reporter | ||
Updated•4 years ago
|
Reporter | ||
Comment 1•4 years ago
|
||
Hello!
Firefox 33.0a1 (2014-07-17) was the first build that supports the warnings for malicious files in downloads panel and the issue is reproducing on that build too. So based on that I think it's safe to assume that the issue is not a regression or maybe that is the expected behavior when the link is dropped to be downloaded.
Comment 2•4 years ago
|
||
I suspect this is due to the fact the download is initiated by the chrome ui, rather than just being content link navigation, so it goes through DownloadCopySaver rather than DownloadLegacySaver.
I don't remember though if we consider ui initiated downloads safe by default. DownloadCopySaver seems to have reputation checks from a quick look.
Comment 3•4 years ago
|
||
(In reply to Marco Bonardo [:mak] from comment #2)
I don't remember though if we consider ui initiated downloads safe by default. DownloadCopySaver seems to have reputation checks from a quick look.
Dimi, do we just need to copy these checks and/or move them to a common codepath? Is this something that you can look at?
Comment 4•4 years ago
|
||
(In reply to :Gijs (he/him) from comment #3)
(In reply to Marco Bonardo [:mak] from comment #2)
I don't remember though if we consider ui initiated downloads safe by default. DownloadCopySaver seems to have reputation checks from a quick look.
Dimi, do we just need to copy these checks and/or move them to a common codepath? Is this something that you can look at?
This looks like related to download module which I don’t have any experience of, so I'm not really a good candidate to look into this, sorry!
Comment 5•4 years ago
|
||
The priority flag is not set for this bug.
:mak, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•4 years ago
|
Updated•1 year ago
|
Description
•