January 26th, 2006, 12:08 PM
Firefox hole, *maybe* ?
I am not sure if its a bug but I don't understand why such a *feature* is there (okay it might help improve performance but can also serve as a security weakness). I read two threads on firefox about its prefetch feature. I have *disabled* prefetch in firefox on my system (Although i don't think it hold's much relevance here)
Anyway I found out that before we click "SAVE", firefox already starts to download the file in background (so even before I have clicked save the file will be placed in temp directory). Now if this can be disabled or is a feature (i don't know why it should be a feature) then please tell me.
I have conformed this by trying a simple experiment.
I went to sourceforge.net. There I went to BO2K project (http://sourceforge.net/projects/bo2k/)
I clicked on download then I selected the latest file (http://sourceforge.net/project/showf...?group_id=4487)
and then I selected the server closest to me (I also tried with two different random servers but again this information is irrelevant).
Then the opening (and the file name here) dialog box appears in firefox. ** At this point of time I have NOT clicked save ** but the file is already being downloaded while window is in background. I had a look into my firewall and say that even before clicking "save" the file is being downloaded (because the bytes received counter is going up) just to double check I let the download continue after about 1.3 MB being downloaded my anti virus starts showing automatic clean up and warning message's.
Once again if this is a feature then please tell me, I didnt know of such a feature.
Also I have firefox 1.5
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.