this post was submitted on 05 Feb 2024
8 points (64.3% liked)

Firefox

17804 readers
81 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
all 15 comments
sorted by: hot top controversial new old
[–] [email protected] 28 points 8 months ago (2 children)

That sounds like a great idea until you download a zip bomb

[–] [email protected] 2 points 8 months ago

It's my understanding that this is the default behavior on Macs: https://old.reddit.com/r/firefox/comments/n5l4de/is_there_an_addon_that_unzips_a_zip_file/

If they can do it, why can't we?

[–] [email protected] 1 points 8 months ago (1 children)

Doesn't most software now recognize that now though?

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (1 children)

ZIP bomb is definitely among the most mundane of issues you could cause yourself by automatically unzipping a compressed archive.

[–] [email protected] 7 points 8 months ago

If this werent a firefox question id say wget url | tar -xvf

[–] [email protected] 7 points 8 months ago (1 children)

As an IT Engineer this concept frankly terrified me and feels like your opening yourself up to a potential zero click attack - such as https://threatpost.com/apple-mail-zero-click-security-vulnerability/165238/

So my initial answer is an emphatic "please do not the ZIP". It could be as mundane as a ZIP bomb, or it could explain a vulnerability in the operating system or automatic extraction program. Having a human required to open the ZIP prior to its expansion reduces its attack surface area somewhat (but not eliminates it) because it allows the human to go "huh this ZIP looks funny" if something is off, rather than just dispatching an automated task.

With that out of the way - what's your use case with this? There has to be a specific reason your interested in saving a few clips here on one highly specific archive format, but not others like the tar unix archive, 7z, or RAR.

[–] [email protected] 7 points 8 months ago

You could write a bash script using inotifywait to watch for new files in your download folder and extract them if they are archives.

[–] [email protected] 5 points 8 months ago (1 children)

I think it needs to be done by the operating system, extensions nowadays don't have the permissions to do that.

When I was using MacOS it automatically extract zipped files and I hated it so much, you accidentally click on a link, it automatically saves in download and automatically unzip it, leading to too much trash in downloads...

[–] [email protected] 1 points 8 months ago

leading to too much trash in downloads…

Uhh, couldn't they just extract it into a folder? Then it's identical to being compressed.

[–] [email protected] 1 points 8 months ago

Unpackerr is usually used for unzipping files downloaded automatically by Radar or Sonarr, but it can also be configured to point to any folder, like your downloads. It’s fairly easy to set up, especially if you’re just pointing it to a folder.

[–] [email protected] 1 points 8 months ago

I wouldn't but Firefox has a Files and Applications menu where you can set what actions it performs on downloading a file. You could set that to automatically open with an zip extracting program or a batch file / bash script.

But safari's "feature" sounds dangerous to me - it would be a good vector to attack a system - also just bloody annoying. I wouldn't want the content of my zip files spewed all over my downloads folder.

But yes Firefox can hand any downloaded file over to another program on download if you want to go that way. I don't think it can run an executable though, although again you could probably write a batch file to do that on windows (and possibly a bash script on m Linux) if you like living dangerously.

But just because you can do something doesn't mean you should.