-
Michael Catanzaro authored
This is inherently unsafe because a webpage can download a malicious file without user interaction, and trust it will open automatically in a vulnerable application. We will continue to download files automatically, despite the various Chrome hacks from last year proving that this can be abused via tracker and GNOME desktop thumbnailers. Tracker now mitigates this risk using libseccomp, and GNOME desktop thumbnailers are now run under bubblewrap. https://bugzilla.gnome.org/show_bug.cgi?id=794681
a41416c9