From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020528 Description of problem: When using a entry from /etc/mailcap, Mozilla apparently only uses the command name, and ignores the rest of the command line. Version-Release number of selected component (if applicable):0.9.9-13 How reproducible: Always Steps to Reproduce: 1.Add an entry "image/x-xwindowdump; xwud -in %s" in /etc/mailcap assuming no other configuration for this content-type. 2.Point mozilla to a file with an .xwd suffix. Actual Results: Mozilla first asks if it should use xwud to display this file. If accepted, another window is quickly flashed, and then gone. Expected Results: A new xwud window with the contents of the xwd file. Additional info: Apparently, Mozilla invokes "xwud <file>" omitting the "-in" in the mailcap entry. I hesitated a bit before categorising this as a security bug. It could be a security issue if mailcap consists an entry like "gv -safer %s", where the mozilla behaviour would effectively remove the -safer flag. In the end I decided to call it a security issue, reasoning it is easy to downgrade it if inappropriate.
Is this still a problem in 1.0.1?
Yes, I still see this with mozilla 1.0.1-10. (Is it something I should report upstream maybe?)
I checked upstream. Not surprisingly, it was already reported there. http://bugzilla.mozilla.org/show_bug.cgi?id=83305
This is being fixed (eventually) upstream so will mark this closed.