FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- insecure temporary directory vulnerability

Affected packages
firefox < 1.0.1,1
mozilla < 1.7.6,2
linux-mozilla < 1.7.6
linux-mozilla-devel < 1.7.6
0 <= netscape7
0 <= de-linux-mozillafirebird
0 <= el-linux-mozillafirebird
0 <= ja-linux-mozillafirebird-gtk1
0 <= ja-mozillafirebird-gtk2
0 <= linux-mozillafirebird
0 <= ru-linux-mozillafirebird
0 <= zhCN-linux-mozillafirebird
0 <= zhTW-linux-mozillafirebird
0 <= de-linux-netscape
0 <= de-netscape7
0 <= fr-linux-netscape
0 <= fr-netscape7
0 <= ja-linux-netscape
0 <= ja-netscape7
0 <= linux-netscape
0 <= linux-phoenix
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-firebird
0 <= mozilla-gtk
0 <= mozilla-gtk1
0 <= mozilla-gtk2
0 <= mozilla-thunderbird
0 <= phoenix
0 <= pt_BR-netscape7

Details

VuXML ID d022754d-8839-11d9-aa18-0001020eed82
Discovery 2005-02-06
Entry 2005-02-26

A Mozilla Foundation Security Advisory reports:

A predictable name is used for the plugin temporary directory. A malicious local user could symlink this to the victim's home directory and wait for the victim to run Firefox. When Firefox shuts down the victim's directory would be erased.

References

URL http://www.mozilla.org/security/announce/mfsa2005-28.html
URL https://bugzilla.mozilla.org/show_bug.cgi?id=281284