blob: a22dd3e9ac0bb088e19fa6bc20f71d6c9aa39a87 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
Fixes CVE-2024-11697 (Improper Keypress Handling in Executable File Confirmation Dialog)
Copied from <https://hg.mozilla.org/releases/mozilla-esr128/rev/936e95e3b008cb9bcccd1512332b45757a4bb7f6>
# HG changeset patch
# User Gijs Kruitbosch <gijskruitbosch@gmail.com>
# Date 1731505009 0
# Node ID 936e95e3b008cb9bcccd1512332b45757a4bb7f6
# Parent fbed98e3e9cdc2f99af7a2a14f7184f51fe07d8e
Bug 1842187 a=dmeehan
Original Revision: https://phabricator.services.mozilla.com/D223948
Differential Revision: https://phabricator.services.mozilla.com/D228631
diff --git a/toolkit/components/downloads/DownloadUIHelper.sys.mjs b/toolkit/components/downloads/DownloadUIHelper.sys.mjs
--- a/toolkit/components/downloads/DownloadUIHelper.sys.mjs
+++ b/toolkit/components/downloads/DownloadUIHelper.sys.mjs
@@ -166,17 +166,20 @@ DownloadPrompter.prototype = {
const title = lazy.l10n.formatValueSync(
"download-ui-file-executable-security-warning-title"
);
const message = lazy.l10n.formatValueSync(
"download-ui-file-executable-security-warning",
{ executable: PathUtils.filename(path) }
);
- return this._prompter.confirm(title, message);
+ let flags =
+ Ci.nsIPrompt.BUTTON_DELAY_ENABLE | Ci.nsIPrompt.STD_OK_CANCEL_BUTTONS;
+ let nulls = Array(4).fill(null);
+ return 0 == this._prompter.confirmEx(title, message, flags, ...nulls, {});
},
/**
* Displays a warning message box that informs that there are active
* downloads, and asks whether the user wants to cancel them or not.
*
* @param aDownloadsCount
* The current downloads count.
|