Can't tell what application will be launched with custom schemes

Bug #1963861 reported by Evert Pot
This bug affects 2 people
Affects           Status      Importance  Assigned to  Milestone
snapd             New         Undecided   Unassigned
firefox (Ubuntu)  Incomplete  Undecided   Unassigned
snapd (Ubuntu)    Confirmed   Undecided   Unassigned

Bug Description

If a URL is opened such as:

mailto:
feed:

The firefox snap package no longer shows what application will be launched. This means that websites can potentially trick a user to start applications.

Alex Murray (alexmurray) wrote :

I wonder if this is due to this recent change in snapd: https://github.com/snapcore/snapd/pull/11200

information type: Private Security → Public Security
Maciej Borzecki (maciek-borzecki) wrote :

@alexmurray that code has never listed or shown which application would handle a given URL scheme. The change affected the implementation of io.snapcraft.Launcher, which is only called as a fallback when a snap calls xdg-open inside its namespace. The primary handler that is tried goes through the desktop portal https://flatpak.github.io/xdg-desktop-portal/#gdbus-org.freedesktop.portal.OpenURI which AFAIU prompts to select an application for some number of attempts, which then goes away if the user consistently chose the same application each time. So if the prompt was originally shown, but now it's not, my guess would be that it's the portal.

The fallback code would open an application for which there is a desktop handler registered in the mime db. Perhaps we could improve that to show a prompt? Anyways, this code isn't part of any stable release yet.
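
As an added example (not code from snapd, Firefox or xdg-desktop-portal): the fallback described above resolves a URL scheme through the MIME database, i.e. the x-scheme-handler/<scheme> key in mimeapps.list, and launches whatever .desktop entry is registered there without prompting. The POSIX shell script below performs that lookup over a constructed mimeapps.list and two constructed .desktop files (assumptions for the demo, not taken from any real system), checking [Default Applications] before [Added Associations] as the mime-apps spec does, and prints the command a mailto: or feed: link would start. On a real host the equivalent check is `xdg-mime query default x-scheme-handler/mailto`.

```shell
#!/bin/sh
# Added example, not snapd's or xdg-desktop-portal's code.
# Shows which .desktop entry the MIME database names for a URI scheme and
# what that entry would execute. All input files are constructed below.

# default_handler SCHEME MIMEAPPS_LIST
# Prints the first .desktop id registered for x-scheme-handler/SCHEME,
# consulting [Default Applications] before [Added Associations].
# Prints nothing and returns 1 when no handler is registered.
default_handler() {
    scheme=$1
    list=$2
    key="x-scheme-handler/$scheme"
    for section in "Default Applications" "Added Associations"; do
        id=$(awk -v sec="[$section]" -v key="$key" '
            /^\[/ { insec = ($0 == sec); next }
            insec && index($0, key "=") == 1 {
                sub(/^[^=]*=/, ""); split($0, ids, ";"); print ids[1]; exit
            }' "$list")
        if [ -n "$id" ]; then
            printf '%s\n' "$id"
            return 0
        fi
    done
    return 1
}

# handler_exec DESKTOP_ID DIR
# Prints the Exec= line of DIR/DESKTOP_ID (the command that would run;
# %u is the field code the launcher replaces with the URL).
handler_exec() {
    desktop="$2/$1"
    [ -f "$desktop" ] || return 1
    awk -F= '/^\[/ { insec = ($0 == "[Desktop Entry]"); next }
             insec && $1 == "Exec" { sub(/^Exec=/, ""); print; exit }' "$desktop"
}

# Constructed sample database (hypothetical handlers, not a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/mimeapps.list" <<'EOF'
[Default Applications]
x-scheme-handler/mailto=thunderbird.desktop;

[Added Associations]
x-scheme-handler/feed=liferea.desktop;thunderbird.desktop;
x-scheme-handler/mailto=thunderbird.desktop;
EOF
cat > "$demo_dir/thunderbird.desktop" <<'EOF'
[Desktop Entry]
Name=Thunderbird
Exec=thunderbird %u
EOF
cat > "$demo_dir/liferea.desktop" <<'EOF'
[Desktop Entry]
Name=Liferea
Exec=liferea %u
EOF

# Report what a mailto:, feed: or (unregistered) sip: link would launch.
for scheme in mailto feed sip; do
    if id=$(default_handler "$scheme" "$demo_dir/mimeapps.list"); then
        printf '%s: -> %s (%s)\n' "$scheme" "$id" "$(handler_exec "$id" "$demo_dir")"
    else
        printf '%s: no handler registered, nothing would launch\n' "$scheme"
    fi
done
```

Because the lookup never involves the user, anything a website can make the browser hand to the fallback launcher runs the registered Exec= command directly; the same script run against ~/.config/mimeapps.list and /usr/share/applications shows the real mapping on a given machine.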

Seth Arnold (seth-arnold) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Public Security → Public
Evert Pot (evert-4) wrote :

While I don't have an immediate exploit, attackers tricking a user into starting applications does feel like it should be classified as a security bug.

I've _never_ been asked what application to start for a given URI scheme.

Olivier Tilloy (osomon) wrote :

I'm seeing this dialog when clicking a mailto: link in the firefox snap (see attached screenshot). Are you seeing something different? What's the value associated with the mailto scheme in about:preferences (under the "Applications" section)?

Changed in firefox (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu):
status: New → Confirmed