User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 When you left-click on a link to a downloadable file in a web page, e.g. a .exe file, and tell Firefox to download it, it is first saved in a temporary location inside the user's home directory, and then MOVED to its final destination. On an NTFS volume, this causes the file to have the same security attributes as the user's home directory, because the move operation keeps those attributes, irrelevant of the attributes of the directory where it was saved. But let's suppose I usually save files in a shared directory, because I want them to be available to other users: the current behaviour prevents this. When saving a file by right clicking on the link and choosing Save As, instead, we have the correct behaviour: the file is created with the inherit option active, so it gets its attributes from the parent folder; this happens because in this case the file is directly created into the destination directory, no temp file and no move operation involved. Also Internet Explorer, on the other hand, saves files in a temp directory owned by the user while downloading, but has a different behaviour: when the download is finished, it COPIES the file to its final destination, and then deletes the temp file; a copy operation does not keep security attributes, so the final file correctly inherits attributes from the parent folder. I think Firefox should use a copy operation, too, instead of a move one, because having the downloaded file inherit the parent folder attributes seems to me the most intuitive behaviour. Reproducible: Always Steps to Reproduce: 1. Using Firefox on a system running on an NTFS volume, open a web page containing a link to a downloadable file, e.g. a .exe file; 2. left-click on the link, and choose to save the file in a directory which has different security attributes than your home directory, e.g. the home directory of a different user (if you are administrator and can write inside it), or a directory which allows total control to "Everyone"; 3. when the download is finished, check the file security attributes. Actual Results: The security attributes of the downloaded file are the same as the ones in my own system temporary directory, it only belongs to me. Expected Results: The file should have inherited its security attributes from the directory where I saved it, e.g. belong to the other user in my first example, or accessible by Everyone in my second one.

*** This bug has been marked as a duplicate of 224692 ***