possible firefix security problem??

To: debian-user@lists.debian.org
Cc: hendrik@topoi.pooq.com
Subject: possible firefix security problem??
From: hendrik@topoi.pooq.com
Date: Sat, 7 Jan 2006 19:44:10 -0500
Message-id: <[🔎] 20060108004410.GA17152@topoi.pooq.com>

Running relatively up-to-date Debian sarge system.

Followed a link to a rater nice site, www.irateradio.com

It runs a Java applet that
  (1) downloads some random music files
  (2) plays them and allows you to rate them
  (3) compares your ratins with the ratings others provided in its 
database so as to download files you actually might like next time

And, indeed, it does this quite nicely.

Now I thought I might like to keep one of these tracks.  After findiing 
no gadgets anywhere to ask it so store these things on my hard disk 
somewhere, I start doind ls *.mp3 in various directories, and discover 
that it has created a ~/irate/download/ directory and has stuffed its 
downloads there.

The trouble is, I don't recall ever giving it permission to store 
anything on my hard disk (except cookies), nor telling it where to put 
them (which is what firefox usually asks me when it starts a download).
And the java applet was, as far as I could see, started within the 
browser.

Now I ask you.  What security policy could Firefox be following that 
would allow this and prevent some wild application from putting junk all 
over my hard drive?  Can I ever run Firefox again?

-- hendrik

Reply to:

Follow-Ups:
- Re: possible firefix security problem??
  - From: hendrik@topoi.pooq.com

Prev by Date: Digital Camera
Next by Date: Printer / Stampante Brother HL-5030
Previous by thread: Re: Digital Camera
Next by thread: Re: possible firefix security problem??
Index(es):
- Date
- Thread