GNU bug report logs - #74648
[PATCH] gnu: librewolf: Add %u to Exec option to open URLs.


Package: guix-patches;

Reported by: Roman Scherer <roman <at> burningswell.com>

Date: Mon, 2 Dec 2024 12:21:02 UTC

Severity: normal

Tags: patch

Done: Sharlatan Hellseher <sharlatanus <at> gmail.com>

Bug is archived. No further changes may be made.


From: Roman Scherer <roman <at> burningswell.com>
To: André Batista <nandre <at> riseup.net>
Cc: Mark H Weaver <mhw <at> netris.org>, Roman Scherer <roman <at> burningswell.com>, Jonathan Brielmaier <jonathan.brielmaier <at> web.de>, 74648 <at> debbugs.gnu.org, Ian Eure <ian <at> retrospec.tv>
Subject: [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
Date: Mon, 02 Dec 2024 16:29:09 +0100
André Batista <nandre <at> riseup.net> writes:

Hi André,

thanks for taking a look. So this is fixing a security issue? Which one
exactly? Is it this one?

CVE-2024-10462: Origin of permission prompt could be spoofed by long URL

Are we planning to do the same for Icecat? If so, could we have a variant
of the browsers in Guix that are less hardened, and would allow opening
URLs?

I'm using Slack via Flatpak and not being able to open URLs from there
or other applications with my browser is a bit tedious.

Roman

> Hi Roman,
>
> Mon 02 Dec 2024 at 13:20:20 (1733156420), roman <at> burningswell.com wrote:
>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
>>
>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>> ---
>>  gnu/packages/librewolf.scm | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
>> index 5d432cfad8..42d212e9f9 100644
>> --- a/gnu/packages/librewolf.scm
>> +++ b/gnu/packages/librewolf.scm
>> @@ -605,7 +605,7 @@ (define-public librewolf
>>                           (substitute* desktop-file
>>                             (("^Exec=@MOZ_APP_NAME@")
>>                              (string-append "Exec="
>> -                                           #$output "/bin/librewolf"))
>> +                                           #$output "/bin/librewolf %u"))
>>                             (("@MOZ_APP_DISPLAYNAME@")
>>
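Review bot: the commit message for the changed `#$output "/bin/librewolf %u"` line gives no rationale beyond "to open URLs", and it omits that this restores the exact `Exec=` state that was removed in commit 280aa6b57d7b741a7d8b076e1afa3dff23569332 (see also #74070). Since that removal was deliberate, the message should reference both and state why the reason for dropping `%u` no longer applies, and a short comment above the `string-append` form would keep the next editor from flipping it again without that context.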
>
> This was its previous state and was removed on commit
> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>
> Copying Ian, who was the author of that change and has been maintaining
> Librewolf.
>
> Cheers!

This bug report was last modified 162 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.