Bug 1469427 - Add settings shortcuts to download protection. r?gcp draft
authorFrancois Marier <francois@mozilla.com>
Mon, 18 Jun 2018 15:43:54 -0700
changeset 808276 a3c7a87941b31d48b833a22cd303726a6f56d11d
parent 808275 e77b0341a1ca12f9005a895be2fdd40b22209b3f
push id113335
push userfmarier@mozilla.com
push dateMon, 18 Jun 2018 23:08:19 +0000
reviewersgcp
bugs1469427
milestone62.0a1
Bug 1469427 - Add settings shortcuts to download protection. r?gcp Files with this extension are used to create shortcuts to Windows setting pages. This apparently allows invoking any binary file with any parameters. MozReview-Commit-ID: 6WOEaVG7Lq5
toolkit/components/reputationservice/ApplicationReputation.cpp
--- a/toolkit/components/reputationservice/ApplicationReputation.cpp
+++ b/toolkit/components/reputationservice/ApplicationReputation.cpp
@@ -630,16 +630,17 @@ static const char* const kBinaryFileExte
     //".run", // Linux shell
     ".scf", // Windows shell
     ".scpt", // AppleScript
     ".scptd", // AppleScript
     ".scr", // Windows
     ".sct", // Windows shell
     ".search-ms", // Windows
     ".seplugin", // AppleScript
+    ".settingcontent-ms", // Windows settings
     ".sh", // Linux shell
     ".shar", // Linux shell
     ".shb", // Windows
     ".shs", // Windows shell
     ".shtml", // HTML
     ".shtm", // HTML
     ".sht", // HTML
     //".sldm", // MS PowerPoint