CVE-2018-20483 aka user.xdg.origin.url
rastislavcore opened this issue · 1 comments
rastislavcore commented
Troubleshooting checklist
There's a good chance the bug you're about to report is fixed in the new version of Brave
- Download latest version of Brave from https://brave.com/download/
- Import your data by navigating to brave://settings/importData
If you'd like to continue for this old version, please check the applicable items:
- Yes I did try the new version
- I believe this issue is critical for users (security issue, bug that prevents folks from using the software)
- I've read the
FAQs and Common Issues
section on community.brave.com (https://community.brave.com/c/common-issues)
Description
Downloaded files are saving URLs from which are downloaded into «user.xdg.origin.url» or «user.xdg.referrer.url»
Steps to Reproduce
- Download file
- Read with getfattr
- Check if file contain location from which was downloaded
What version of Brave are you using?
- Using Brave, navigate to
about:brave
- Under "Version information", you'll see the version (ex: 0.25.2)
- Click the clipboard icon to copy the product details and paste here
Version 0.58.17 Chromium: 71.0.3578.98 (Official Build) (64-bit)
bsclifton commented
Closing in favor of brave/brave-browser#2766 which is tracking this in the new repo
@Raisty can you please add some additional info in that version of the issue? Thanks! 😄