Red Hat Bugzilla – Bug 178040
Opens browser window as r00t
Last modified: 2007-11-30 17:11:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5
Description of problem:
When firestarter is running, it is running as root via consolehelper.
In the Help menu is a selection for online users manual.
If selected, it opens a browser window as the root user to an external website.
In the event that there is a browser exploit and the external website is hacked, this could result in a compromise.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. launch firestarter
2. Go to help menu
3. Choose Online Users' Manual
Actual Results: Opens an external website as the root user
Expected Results: Launched web documentation for applications that run as root should be on the local machine.
It would actually be better to not have it open a browser window at all.
Created attachment 123303 [details]
Removes launching of browser from help menu