Ubuntu
firefox package

download file does not honour preferences

Bug #1097942 reported by Bill777
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Just updated to "FF18.0 beta for mint" in KDE mint Maya 13 live dvd
and it's a mess, basic stuff is stuffed.

Similar to bug/892927, bug/1004037

I set edit preferences:
no - Show the Downloads window when downloading
no - close it when..
no - save files to [ ] - not set, left at default default value mint/Downloads
yes - always ask

attempted to download a file.

No dialogue appeared to ask where to save it, I didn't check at that time what was happening, thought it had just failed.

Some time later, a pop-up panel saying insufficient space to save file.

There had been multiple attempts, all marked "failed" (though apparently successful)
 to download the file to root/tmp, , file-1, file-2 ... etc., which had filled up the allocation.

So, the download not honouring the preferences set, sending to wrong folder, and marking as failed, retry, when finished.

Is Firefox losing the will to live?

yeesh.

Revision history for this message
Bill777 (billachenal) wrote :

I've marked this a potential security problem, for the experts to have a look at, just out of suspicion rather than any confirmed exploit.
I'm unhappy about un-announced downloading into root/tmp rather than fully informed choice of a selected user file, it makes me uneasy.

information type: Private Security → Public Security
Revision history for this message
Bill777 (billachenal) wrote :

Apologies for omission: also some relationship to bug/620935

Revision history for this message
Marc Deslauriers (mdeslaur) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Public Security → Public
Revision history for this message
Bill777 (billachenal) wrote :

@Marc Deslauriers
Thanks for that, I didn't think it was a direct threat, but was unhappy about the behaviour. which I still find rather strange.

I saw a potential for leaving a very obscured hidden file (files) on the system, which could form a helper basis for an exploit, even if is does not directly cross a security boundary. No direct evidence of an actual exploit, though (fingers crossed).

At the moment, I reckon this has only happened consistently with Ryushare.
Other downloads seem to work most of the time, though I still have the (slightly unconscious) impression that some other downloads initially get diverted to /tmp, but act correctly later on.

Revision history for this message
Paul White (paulw2u) wrote :

We are sorry that we do not always have the capacity to review all reported bugs in a timely manner.

If you are finding that this is still an issue using maintained versions of Firefox and/or Ubuntu then please let us know otherwise this report can be left to expire in approximately 60 days time.

Paul White
[Ubuntu Bug Squad]

Changed in firefox (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for firefox (Ubuntu) because there has been no activity for 60 days.]

Changed in firefox (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.