479057 – /etc/mailcap unsafe xdg-open usage

Bug 479057 - /etc/mailcap unsafe xdg-open usage

Summary: /etc/mailcap unsafe xdg-open usage

Keywords:
Status:	CLOSED DUPLICATE of bug 479010
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mailcap
Sub Component:
Version:	10
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Miroslav Lichvar
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-01-06 20:04 UTC by Josh Bressers
Modified:	2009-01-06 20:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-01-06 20:27:52 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2009-01-06 20:04:18 UTC

The following issue was reported to us from Manuel Reimer:

https://bugs.freedesktop.org/show_bug.cgi?id=19377

The basic summary, is that xdg-open detects the file mime type, and Firefox gets its mime type from the server.  That means that a malicious site could trick a user into thinking they are downloading a PDF file, but could be treated differently by xdg-open.

Comment 1 Josh Bressers 2009-01-06 20:27:52 UTC


*** This bug has been marked as a duplicate of bug 479010 ***

Note You need to log in before you can comment on or make changes to this bug.