While I don't have an immediate exploit, attackers tricking a user to start applications does feel like in should be classified as a security bug.
I've _never_ gotten asked what application to start for a given uri scheme. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1963861 Title: Can't tell what application will be launched with custom schemes Status in snapd: New Status in firefox package in Ubuntu: New Status in snapd package in Ubuntu: New Bug description: If a url is opened such as: mailto: feed: The firefox snap package no longer shows what application will be launched. This means that websites can potentially trick a user to start applications. To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1963861/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
