X

Transformation of downloaded .dmg files to .exe files (#3)

We're still trying to nail down the cause of a mysterious issue where .dmg files take on a .exe extension during the download process.

CNET staff
See full bio
CNET staff
2 min read

Noted as Firefox bug with no resolution MacFixIt reader Michael Moulton points us to a Bugzilla entry indicating that the issue we've been tracking for the past few days -- where certain .dmg files downloaded from the Web transform into files with .exe extensions either temporarily (during the download) or permanently --- has been a noted bug for quite some time with no resolution.

The best description of the behavior comes from poster Wayne Woods, who writes:

"When the initial 'download actions' (i.e. 'What should Firefox do with this file?') dialog box comes up, it seems that half the time it creates a placeholder file ending in the correct extension, and the other half it chooses '.exe' as the suffix instead. [...]

Another MacFixIt reader posits the lukewarm theory that files are given the .exe extension in a deliberate attempt to obviate .dmg-based launch vulnerabilities.

"I've seen it happen for a few years now, always within Mozilla. For some reason or other, it downloads the file with a temporary name, then when the download is complete, it renames it to the proper name. Unfortunately, it appears that for things like DMG files (but they also occur when downloading others), Mozilla will use (random characters).exe as the temporary name (based off the MIME type?).

"Now, it's possible that the EXE files remain if Firefox or Mozilla crashes while downloading, or the download is cancelled or aborted. The rename to the proper name only happens when the download completes successfully.

"It's a quirk of Firefox/Mozilla. Maybe it does this to avoid having the 'Launch' button enabled for DMG files (due to several DMG vulnerabilities over the years?)."

We are attempting to follow up with Firefox developers regarding the nature of this "bug," or potential feature, as it were.

Feedback? Late-breakers@macfixit.com.

Previous coverage:

Resources

  • Bugzilla entry
  • Late-breakers@macfixit.com
  • Transformation of download...
  • Mysterious appearance of ....
  • More from Late-Breakers

    • Computing Guides

    Laptops
    Desktops & Monitors
    Computer Accessories
    Photography
    Tablets & E-Readers
    3D Printers
    Computing Coupons