Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Mulongo oyo etiyamaki na archive. Tuna motuna mosusu soki osengeli na lisalisi

Is there a way to disable "Open File" and "Save Page As" operation from the menu?

  • 4 biyano
  • 1 eza na nkokoso oyo
  • 126 views
  • Eyano yasuka ya Mike Kaply

more options

Our company is using Firefox. We recently have found that you can launch Command Prompt or PowerShell by typing "cmd" or "powershell" into address bar of "Open File" or "Save Page As" menu.

Since we can not accept this behavior for security reasons, we are considering disabling "Open File" and "Save Page As" feature themselves. Is there a way to realize this?

We sought options to disable these features, but could not find any so far. Or If there is alternative solution for this, that would be highly appreciated if you share your knowledge.

moved from Firefox -> Firefox for Enterprise

Our company is using Firefox. We recently have found that you can launch Command Prompt or PowerShell by typing "cmd" or "powershell" into address bar of "Open File" or "Save Page As" menu. Since we can not accept this behavior for security reasons, we are considering disabling "Open File" and "Save Page As" feature themselves. Is there a way to realize this? We sought options to disable these features, but could not find any so far. Or If there is alternative solution for this, that would be highly appreciated if you share your knowledge. ''moved from Firefox -> Firefox for Enterprise''
Bafoto sur écran jointes

Ezalaki modifié na Andrew

All Replies (4)

more options

Is that Windows 10? It seems to affect all File Explorer dialogs.

For example, if I click the Browse button below this box to open a file browser to attach an image, and type cmd into the path box at the top and press Enter, then Windows launches cmd.exe.

Have you found a solution for other browsers?

more options

Thank you for the reply. I'm sorry my explanation was not enough.

Our machines (yes, they are Windows 10) are isolated from the internet.

However, Firefox is the only exception. It's running inside local sandbox which is generated by a specific solution, and can connect to the internet. (It's like a local virtual browser without server)

Files downloaded by Firefox are stored inside the sandbox, thus host machine should be safe theoretically. However, if user can run malicious files downloaded from the internet using this "Open File" method...? The user may "break" the sandbox by using the file and may cause a bad consequence.

We want to mitigate this risk. That is why I limited the scope of question into only Firefox.

Ezalaki modifié na Flagab

more options

We don't currently implement this.

Chrome has a policy for this

AllowFileSelectionDialogs

I'll add it to our backlog.

more options

Solution eye oponami