mozilla -- insecure permissions for some downloaded files
Description:
In a Mozilla bug report, Daniel Kleinsinger writes:
I was comparing treatment of attachments opened directly
from emails on different platforms. I discovered that Linux
builds save attachments in /tmp with world readable rights.
This doesn't seem like a good thing. Couldn't someone else
logged onto the same machine read your attachments?
This could expose the contents of downloaded files or email
attachments to other users on a multi-user system.
References:
Affects:
- thunderbird <0.9
- de-linux-mozillafirebird <1.0.r2,1
- el-linux-mozillafirebird <1.0.r2,1
- firefox <1.0.r2,1
- ja-linux-mozillafirebird-gtk1 <1.0.r2,1
- ja-mozillafirebird-gtk2 <1.0.r2,1
- linux-mozillafirebird <1.0.r2,1
- ru-linux-mozillafirebird <1.0.r2,1
- zhCN-linux-mozillafirebird <1.0.r2,1
- zhTW-linux-mozillafirebird <1.0.r2,1
- de-netscape7 <=7.2
- fr-netscape7 <=7.2
- ja-netscape7 <=7.2
- netscape7 <=7.2
- pt_BR-netscape7 <=7.2
- mozilla-gtk1 <1.7.5
- linux-mozilla <1.7.5
- linux-mozilla-devel <1.7.5
- mozilla <1.7.5,2
- de-linux-netscape >=0
- fr-linux-netscape >=0
- ja-linux-netscape >=0
- linux-netscape >=0
- linux-phoenix >=0
- mozilla+ipv6 >=0
- mozilla-embedded >=0
- mozilla-firebird >=0
- mozilla-gtk2 >=0
- mozilla-gtk >=0
- mozilla-thunderbird >=0
- phoenix >=0
portaudit: mozilla -- insecure permissions for some downloaded files
Disclaimer: The data contained on this page is derived from the VuXML document,
please refer to the the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the
database, please contact the
FreeBSD Security Officer. Refer to
"FreeBSD Security
Information" for more information.
Oliver Eikemeier <eik@FreeBSD.org>