Incorrect domain name appears in Downloads Window

Bug #237489 reported by Bill Kuker
6
Affects Status Importance Assigned to Milestone
firefox-3.0 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: firefox-3.0

I googled for a datasheet (search '16f688 datasheet') and clicked on the first result to download a pdf (41203B.pdf) from the server ww1.microchip.com.

The download window shows the file name and size, and the domain google.com.

It SHOULD show ww1.microchip.com

I consider this a minor vulnerability, an attacker could use this, perhaps in combination with an XSS attack, to obscure the origin of a downloaded file.

Ubuntu 8.04 LTS and Firefox 3 Beta 5

ProblemType: Bug
Architecture: i386
Date: Wed Jun 4 19:22:55 2008
DistroRelease: Ubuntu 8.04
Package: firefox-3.0 3.0~b5+nobinonly-0ubuntu3
PackageArchitecture: i386
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: firefox-3.0
Uname: Linux 2.6.24-16-generic i686

Tags: apport-bug
Revision history for this message
Bill Kuker (firefox-billkuker) wrote :
Revision history for this message
Martin Mai (mrkanister-deactivatedaccount-deactivatedaccount) wrote :

 Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Changed in firefox-3.0:
status: New → Incomplete
Revision history for this message
Martin Mai (mrkanister-deactivatedaccount-deactivatedaccount) wrote :

 We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in firefox-3.0:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.