From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5 Description of problem: When firestarter is running, it is running as root via consolehelper. In the Help menu is a selection for online users manual. If selected, it opens a browser window as the root user to an external website. In the event that there is a browser exploit and the external website is hacked, this could result in a compromise. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. launch firestarter 2. Go to help menu 3. Choose Online Users' Manual Actual Results: Opens an external website as the root user Expected Results: Launched web documentation for applications that run as root should be on the local machine. Additional info:
It would actually be better to not have it open a browser window at all.
Created attachment 123303 [details] Removes launching of browser from help menu