Usually in the "Details" section about a package there is a link. When clicked, the link opens a browser as root user which, considering the filesystem level access, presents a possible security issue.
With firefox it also shows a message first time about not having used firefox in a while and asks to "refresh" it for you.
$ ps aux | grep firefox
root 25423 65.2 4.2 2281028 344632 ? Sl 13:15 0:15 firefox http://sourceforge.net/projects/bwbasic
The obvious solution is to open the browser as the regular user who called polkit, how simple that is in practise I've no idea.
Would imagine Cauldron is the same.
Currently, such link seems to open firefox as I see a moving firefox icon next to mouse cursor. But, firefox never displays.
Assigning to Cauldron to further investigation.
Also, link should not be open in a root owned window.
This is High priority bug for a good reason.
Making Mageia even better than ever is best direction.
In order to do right thing, this bug should be examined and fixed as soon as possible.
Packagers, please make the status to Assigned when you are working on this.
Feel free to reassign the bug if bad-triaged. Also, if bug is old, please close it.
On October 1st 2020, we will drop priority to normal.