MozillaZine

Firefox 3.5 "Open File - Security Warning"

dsage
Guest
 

Post Posted July 1st, 2009, 10:52 am

I'm running Windows XP Home Edition and since upgrading to Firefox 3.5 I've noticed that all files I download are "blocked." If I look at the file properties, there's a message at the bottom of the General tab that says "Security: This file came from another computer and might be blocked to help protect this computer." There's an Unblock button next to this message to remove it. Also, if the file is an executable file, I'll get an "Open File - Security Warning" dialog window when I try to run it.

Prior to upgrading to Firefox 3.5, I was able to eliminate this security warning by editing the registry as follows:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Policies\Attachments\SaveZoneInformation = 1

However, this appears to no longer have any effect in Firefox 3.5. In the past, setting the about:config preference browser.download.manager.scanWhenDone to false would also eliminate the security warnings (albeit, disabling antivirus scanning in the process), but apparently this no longer has any effect either.

I really really hate these security warnings! How do I fix this in Firefox 3.5?

Bluefang

Posts: 7857
Joined: August 10th, 2005, 2:55 pm
Location: Vermont

Post Posted July 1st, 2009, 11:18 am

There have always been ghosts in the machine... random segments of code that have grouped together to form unexpected protocols. Unanticipated, these free radicals engender questions of free will, creativity, and even the nature of what we might call the soul...

dsage
Guest
 

Post Posted July 1st, 2009, 11:38 am

Thanks for your reply, but unfortunately that setting doesn't help. The odd thing is, this is affecting EVERYTHING I download, even "low risk" file types like .jpg images (which even IE doesn't do). This was never a problem in FF3; it's only since upgrading to 3.5 that this has started happening.

Anyone else experiencing this?

dsage
Guest
 

Post Posted July 1st, 2009, 2:21 pm

I haven't been able to find any information about this yet, but apparently Google Chrome has a similar bug. There's a good detailed description of the problem here: http://code.google.com/p/chromium/issues/detail?id=5719. Just substitute "Firefox" for "Chrome."

sciguyryan
Folder@Home

Posts: 2180
Joined: November 10th, 2004, 1:33 pm
Location: Wales

Post Posted July 1st, 2009, 2:29 pm

You can find a registry hack here that will get rid of it for good: http://www.msfn.org/board/lofiversion/i ... 58926.html

It's not recommended unless you know what you're doing though but it does work.
Cheers!

Ryan Jones

nwg

Posts: 251
Joined: June 11th, 2008, 11:20 am

Post Posted July 1st, 2009, 3:25 pm



This setting (browser.download.manager.skipWinSecurityPolicyChecks) doesn't even exist in 3.5.
Anyway... I tried disabling the attachment service using group policy, but firefox ignores it.

dsage
Guest
 

Post Posted July 1st, 2009, 4:21 pm

RyanJ wrote:You can find a registry hack here that will get rid of it for good: http://www.msfn.org/board/lofiversion/i ... 58926.html

It's not recommended unless you know what you're doing though but it does work.


Those registry hacks no longer appear to work in FF3.5. Anyway, I'd like to not only disable the Security Warning dialog box, but prevent zone information from being written to downloaded files in the first place (so I don't have to manually unblock them in the file properties every time I download a file).

Apparently FF3.5 no longer respects the SaveZoneInformation registry variable.

dsage
Guest
 

Post Posted July 1st, 2009, 4:32 pm

nwg wrote:


This setting (browser.download.manager.skipWinSecurityPolicyChecks) doesn't even exist in 3.5.
Anyway... I tried disabling the attachment service using group policy, but firefox ignores it.


You can manually add the setting, but it has nothing to do with the Security Warning dialog or zone information. What it does is override the "Launching applications and unsafe files" security setting in Internet Options (in the Windows Control Panel). Normally, if this setting is disabled Firefox will not allow you to download executable files at all (it needs to be set to Disable or Prompt). However, if you set skipWinSecurityPolicyChecks to true, you can download executable files even if "Launching applications and unsafe files" is disabled.

Handy feature, but it doesn't fix my original problem.

dsage
Guest
 

Post Posted July 1st, 2009, 4:40 pm

It appears that the DownThemAll! add-on does not write zone information to downloaded files, but I'd still like to see Mozilla address this problem in the native download manager.

nwg

Posts: 251
Joined: June 11th, 2008, 11:20 am

Post Posted July 1st, 2009, 4:45 pm

dsage wrote:
nwg wrote:


This setting (browser.download.manager.skipWinSecurityPolicyChecks) doesn't even exist in 3.5.
Anyway... I tried disabling the attachment service using group policy, but firefox ignores it.


You can manually add the setting, but it has nothing to do with the Security Warning dialog or zone information. What it does is override the "Launching applications and unsafe files" security setting in Internet Options (in the Windows Control Panel). Normally, if this setting is disabled Firefox will not allow you to download executable files at all (it needs to be set to Disable or Prompt). However, if you set skipWinSecurityPolicyChecks to true, you can download executable files even if "Launching applications and unsafe files" is disabled.

Handy feature, but it doesn't fix my original problem.


The thing is, when I disable the attachment service (gpedit.msc-->user configuration-->administrative templates-->windows components-->attachment manager-->do not preserve zone information...-->enable) IE stops attaching the ADS... firefox doesn't. :-k

dsage
Guest
 

Post Posted July 1st, 2009, 5:07 pm

This bug has been reported to Bugzilla here: https://bugzilla.mozilla.org/show_bug.cgi?id=499448

Please vote to help bring this issue to Mozilla's attention.

dsage
Guest
 

Post Posted July 1st, 2009, 5:10 pm

nwg wrote:The thing is, when I disable the attachment service (gpedit.msc-->user configuration-->administrative templates-->windows components-->attachment manager-->do not preserve zone information...-->enable) IE stops attaching the ADS... firefox doesn't. :-k


Exactly. Disabling the attachment service has the same effect as modifying the registry, as I described in the first post.

This is a bug. See my previous post and please vote on Bugzilla.

Alice

Posts: 2627
Joined: April 23rd, 2003, 11:47 am

Post Posted July 2nd, 2009, 4:42 am

This worked for me, after making the changes in about:config and restarting Firefox 3.5:

From https://bugzilla.mozilla.org/show_bug.cgi?id=499448#c3
Comment #3 2009-07-01 20:19:21 PDT
There is a workaround for this issue that involves editing your preferences in
about:config.

First, change the value for browser.download.manager.scanWhenDone to false.
Next, add a new boolean preference named
browser.download.manager.skipWinSecurityPolicyChecks and set its value to true.
Finally, create another boolean preference named
browser.download.manager.alertOnEXEOpen and set it to false.

These three need to be in effect before the Zone.Identifier information is no
longer saved with the file.


Test download: http://port25.technet.com/videos/downloads/wmpfirefoxplugin.exe
Alice Wyman

dsage
Guest
 

Post Posted July 2nd, 2009, 6:08 pm

Thanks for posting the workaround. In my testing only browser.download.manager.alertOnEXEOpen needs to be set to false to correct this issue. browser.download.manager.skipWinSecurityPolicyChecks overrides the "Launching applications and unsafe files" setting in Windows Internet Options, which is handy but does not appear necessary for preventing Zone.Identifier information from being saved. browser.download.manager.scanWhenDone also does not appear to affect Zone.Identifier information in Firefox 3.5. Since this setting disables antivirus scanning on downloaded files, I'm leaving it enabled.

I'd still like to see Mozilla honor Windows' SaveZoneInformation setting, but this workaround appears effective.

Alice

Posts: 2627
Joined: April 23rd, 2003, 11:47 am

Post Posted July 3rd, 2009, 4:23 am

dsage wrote:Thanks for posting the workaround. In my testing only browser.download.manager.alertOnEXEOpen needs to be set to false to correct this issue.


You're welcome. Thanks for posting your test results.

I added just the browser.download.manager.alertOnEXEOpen preference set to false in SeaMonkey 2 (which shows the same behavior as Firefox 3.5) and that was the only preference change needed, when testing with the exe download I posted above.

Setting that preference to false also gets rid of the "Open Executable file?" dialog you get when you right-click the entry for an exe file in the Downloads window and select "Open" ... the same as if you checked the "Don't ask me this again" box in the dialog. See viewtopic.php?p=5445565#p5445565 for a screenshot.
Last edited by Alice on July 3rd, 2009, 7:36 am, edited 1 time in total.
Alice Wyman
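
Added example, not part of the original thread and not Mozilla's code: a small Python check for whether a downloaded file still carries the Zone.Identifier alternate data stream discussed above, useful for confirming what a given preference or policy change actually did to new downloads. The function names and the sample stream text are constructed for illustration; reading the stream with `open(path + ":Zone.Identifier")` assumes Windows and an NTFS volume.

```python
import configparser
import os

# Windows URL security zones, as stored in the ZoneId key.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of what the stream holds for a file saved from the web.
SAMPLE_MARKED = "[ZoneTransfer]\r\nZoneId=3\r\n"


def parse_zone_id(text):
    """Return the integer ZoneId from Zone.Identifier text, or None if unusable."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True)
    try:
        parser.read_string(text.lstrip("\ufeff"))
        raw = parser.get("ZoneTransfer", "ZoneId")
        return int((raw or "").strip())
    except (configparser.Error, ValueError):
        return None


def zone_status(text):
    """Return (marked_untrusted, zone_id, zone_name); text=None means no stream."""
    zone = parse_zone_id(text) if text is not None else None
    if zone is None:
        return (False, None, None)
    # Zones 3 and 4 are the ones Windows treats as "from another computer".
    return (zone >= 3, zone, ZONES.get(zone, "Unknown"))


def read_zone_identifier(path):
    """Read the alternate data stream of an NTFS file; None if it has none."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def audit_folder(folder):
    """Map each file name in `folder` to its zone_status tuple."""
    report = {}
    for name in sorted(os.listdir(folder)):
        full = os.path.join(folder, name)
        if os.path.isfile(full):
            report[name] = zone_status(read_zone_identifier(full))
    return report
```

Running `audit_folder` on the download directory before and after a settings change shows which files were saved with a zone mark and which were not.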
