Incorrect domain name appears in Downloads Window
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox-3.0 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: firefox-3.0
I googled for a datasheet (search '16f688 datasheet') and clicked on the first result to download a pdf (41203B.pdf) from the server ww1.microchip.com.
The download window shows the file name and size, and the domain google.com.
It SHOULD show ww1.microchip.com
I consider this a minor vulnerability, an attacker could use this, perhaps in combination with an XSS attack, to obscure the origin of a downloaded file.
Ubuntu 8.04 LTS and Firefox 3 Beta 5
ProblemType: Bug
Architecture: i386
Date: Wed Jun 4 19:22:55 2008
DistroRelease: Ubuntu 8.04
Package: firefox-3.0 3.0~b5+
PackageArchitec
ProcEnviron:
PATH=/
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: firefox-3.0
Uname: Linux 2.6.24-16-generic i686
Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.