Bug 178040 - Opens browser window as r00t
Opens browser window as r00t
Product: Fedora
Classification: Fedora
Component: firestarter (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Michael A. Peters
Fedora Extras Quality Assurance
: Security
Depends On:
  Show dependency treegraph
Reported: 2006-01-17 10:41 EST by Michael A. Peters
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-30 17:31:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Removes launching of browser from help menu (1.80 KB, patch)
2006-01-17 11:13 EST, Michael A. Peters
no flags Details | Diff

  None (edit)
Description Michael A. Peters 2006-01-17 10:41:24 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
When firestarter is running, it is running as root via consolehelper.
In the Help menu is a selection for online users manual.
If selected, it opens a browser window as the root user to an external website.

In the event that there is a browser exploit and the external website is hacked, this could result in a compromise.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. launch firestarter
2. Go to help menu
3. Choose Online Users' Manual

Actual Results:  Opens an external website as the root user

Expected Results:  Launched web documentation for applications that run as root should be on the local machine.

Additional info:
Comment 1 Michael A. Peters 2006-01-17 10:46:15 EST
It would actually be better to not have it open a browser window at all.
Comment 2 Michael A. Peters 2006-01-17 11:13:16 EST
Created attachment 123303 [details]
Removes launching of browser from help menu

Note You need to log in before you can comment on or make changes to this bug.