CVE-2018-20483 aka user.xdg.origin.url

[rastislavcore]

Troubleshooting checklist

There's a good chance the bug you're about to report is fixed in the new version of Brave

• Download latest version of Brave from https://brave.com/download/
• Import your data by navigating to brave://settings/importData

If you'd like to continue for this old version, please check the applicable items:

• Yes I did try the new version
• I believe this issue is critical for users (security issue, bug that prevents folks from using the software)
• I've read the FAQs and Common Issues section on community.brave.com (https://community.brave.com/c/common-issues)

Description

Downloaded files are saving URLs from which are downloaded into «user.xdg.origin.url» or «user.xdg.referrer.url»

Steps to Reproduce

1. Download file
2. Read with getfattr
3. Check if file contain location from which was downloaded

What version of Brave are you using?

• Using Brave, navigate to about:brave
• Under "Version information", you'll see the version (ex: 0.25.2)
• Click the clipboard icon to copy the product details and paste here

Version 0.58.17 Chromium: 71.0.3578.98 (Official Build) (64-bit)

[bsclifton]

Closing in favor of brave/brave-browser#2766 which is tracking this in the new repo

@Raisty can you please add some additional info in that version of the issue? Thanks! 😄