Re: Firefox PDF download - strange behaviour.

["Jeremy Nicoll" <jn.ml.dbn.25@letterboxes.org>]

On Tue, 18 Jan 2022, at 16:35, The Wanderer wrote:

> So this could potentially be dangerous if the user chooses a directory
> location that's high enough in the directory tree to have important
> files already underneath it, but not if the user chooses e.g. a
> dedicated Downloads directory.

I'd expect malware using this mechanism to put forward a "plausible"
reason why a naive user should select an unsafe directory, rather than
a downloads one.


>> I think I also read that once the code has a handle to a directory it
>> can scan sub-directories as well.
>
> Yes, that appears to be correct.

And that opens up the scourge of malware that correctly identifies what
software one has installed, and/or aspects of its configuration, just based
on what files/folders exist.

-- 
Jeremy Nicoll - my opinions are my own.