FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- insecure permissions for some downloaded files

Affected packages
thunderbird < 0.9
de-linux-mozillafirebird < 1.0.r2,1
el-linux-mozillafirebird < 1.0.r2,1
firefox < 1.0.r2,1
ja-linux-mozillafirebird-gtk1 < 1.0.r2,1
ja-mozillafirebird-gtk2 < 1.0.r2,1
linux-mozillafirebird < 1.0.r2,1
ru-linux-mozillafirebird < 1.0.r2,1
zhCN-linux-mozillafirebird < 1.0.r2,1
zhTW-linux-mozillafirebird < 1.0.r2,1
de-netscape7 <= 7.2
fr-netscape7 <= 7.2
ja-netscape7 <= 7.2
netscape7 <= 7.2
pt_BR-netscape7 <= 7.2
linux-mozilla < 1.7.5
linux-mozilla-devel < 1.7.5
mozilla-gtk1 < 1.7.5
mozilla < 1.7.5,2
0 <= de-linux-netscape
0 <= fr-linux-netscape
0 <= ja-linux-netscape
0 <= linux-netscape
0 <= linux-phoenix
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-firebird
0 <= mozilla-gtk
0 <= mozilla-gtk2
0 <= mozilla-thunderbird
0 <= phoenix

Details

VuXML ID a77849a5-696f-11d9-ae49-000c41e2cdad
Discovery 2004-07-13
Entry 2005-01-18

In a Mozilla bug report, Daniel Kleinsinger writes:

I was comparing treatment of attachments opened directly from emails on different platforms. I discovered that Linux builds save attachments in /tmp with world readable rights. This doesn't seem like a good thing. Couldn't someone else logged onto the same machine read your attachments?

This could expose the contents of downloaded files or email attachments to other users on a multi-user system.

References

Message 417C19F1.2040107@ptraced.net
URL https://bugzilla.mozilla.org/show_bug.cgi?id=251297