Package: iceweasel
Version: 3.0~rc2-2
Severity: grave
Justification: possible data loss or security hole

https://bugzilla.mozilla.org/show_bug.cgi?id=443153

When I click on a PDF file, Firefox says:

  You have chosen to open
    <file>.pdf
  which is a: Adobe Acrobat Document
  from: <URL>

  What should iceweasel do with this file?
  * Open with [xpdf (default)]
  o Save File
  [] Do this automatically...

and when I click on OK, evince is executed instead of xpdf!

There may be security/privacy implications since an arbitrary program
neither chosen by the user nor announced to the user is executed.
Worse, Firefox takes $PATH into account, so that the program may not
even be the expected one. For instance, if the user has created an
evince script (e.g. that does a "rm -rf") in his bin directory, this
script will be run without the user's consent.

This bug also occurs in safe mode (-safe-mode option).

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25.8-20080623 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages iceweasel depends on:
ii  debianutils    2.30        Miscellaneous utilities specific t
ii  fontconfig     2.6.0-1     generic font configuration library
ii  libc6          2.7-12      GNU C Library: Shared libraries
ii  libglib2.0-0   2.16.3-2    The GLib library of C routines
ii  libgtk2.0-0    2.12.10-2   The GTK+ graphical user interface
ii  libnspr4-0d    4.7.1-3     NetScape Portable Runtime Library
ii  libstdc++6     4.3.1-4     The GNU Standard C++ Library v3
ii  procps         1:3.2.7-8   /proc file system utilities
ii  psmisc         22.6-1      Utilities that use the proc filesy
ii  xulrunner-1.9  1.9~rc2-5   XUL + XPCOM application runner

iceweasel recommends no packages.

-- no debconf information
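
A check for the $PATH concern raised in the report above, as an added example that is not part of the original bug report or of iceweasel: it lists every executable that a bare helper name such as `evince` matches along a search path and reports which one would actually run. The function names and the trusted-directory list are assumptions, and the sample directory tree is constructed in a temporary directory.

```python
import os
import tempfile

# Assumption: directories whose contents count as system-installed helpers.
TRUSTED_DIRS = ("/usr/bin", "/bin", "/usr/local/bin")

def path_candidates(name, path):
    """Every executable called `name` on `path`, in lookup order."""
    found = []
    for d in path.split(os.pathsep):
        candidate = os.path.join(d or ".", name)  # empty entry = current dir
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            found.append(candidate)
    return found

def audit_helper(name, path, trusted=TRUSTED_DIRS):
    """Report what a bare helper name resolves to and what it shadows."""
    hits = path_candidates(name, path)
    if not hits:
        return {"helper": name, "runs": None, "shadowed": [], "trusted": False}
    win_dir = os.path.realpath(os.path.dirname(hits[0]))
    ok = win_dir in {os.path.realpath(t) for t in trusted}
    return {"helper": name, "runs": hits[0], "shadowed": hits[1:], "trusted": ok}

def demo(user_first=True):
    """Constructed sample: a per-user bin and a system bin both hold 'evince'."""
    with tempfile.TemporaryDirectory() as root:
        user_bin = os.path.join(root, "home", "user", "bin")
        sys_bin = os.path.join(root, "usr", "bin")
        for d in (user_bin, sys_bin):
            os.makedirs(d)
            helper = os.path.join(d, "evince")
            with open(helper, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")  # harmless placeholder
            os.chmod(helper, 0o755)
        order = [user_bin, sys_bin] if user_first else [sys_bin, user_bin]
        report = audit_helper("evince", os.pathsep.join(order), trusted=(sys_bin,))
        return report, user_bin, sys_bin

if __name__ == "__main__":
    report, _, _ = demo()
    print(report)
    if report["runs"] and not report["trusted"]:
        print("WARNING: helper resolves outside the trusted directories")
```

Running `audit_helper("evince", os.environ["PATH"])` on a real system shows whether a per-user directory takes precedence over the packaged binary for that helper name.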

