FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- insecure permissions for some downloaded files

Affected packages
		thunderbird	<	0.9
		de-linux-mozillafirebird	<	1.0.r2,1
		el-linux-mozillafirebird	<	1.0.r2,1
		firefox	<	1.0.r2,1
		ja-linux-mozillafirebird-gtk1	<	1.0.r2,1
		ja-mozillafirebird-gtk2	<	1.0.r2,1
		linux-mozillafirebird	<	1.0.r2,1
		ru-linux-mozillafirebird	<	1.0.r2,1
		zhCN-linux-mozillafirebird	<	1.0.r2,1
		zhTW-linux-mozillafirebird	<	1.0.r2,1
		de-netscape7	<=	7.2
		fr-netscape7	<=	7.2
		ja-netscape7	<=	7.2
		netscape7	<=	7.2
		pt_BR-netscape7	<=	7.2
		linux-mozilla	<	1.7.5
		linux-mozilla-devel	<	1.7.5
		mozilla-gtk1	<	1.7.5
		mozilla	<	1.7.5,2
0	<=	de-linux-netscape
0	<=	fr-linux-netscape
0	<=	ja-linux-netscape
0	<=	linux-netscape
0	<=	linux-phoenix
0	<=	mozilla+ipv6
0	<=	mozilla-embedded
0	<=	mozilla-firebird
0	<=	mozilla-gtk
0	<=	mozilla-gtk2
0	<=	mozilla-thunderbird
0	<=	phoenix

Details

VuXML ID	a77849a5-696f-11d9-ae49-000c41e2cdad
Discovery	2004-07-13
Entry	2005-01-18

In a Mozilla bug report, Daniel Kleinsinger writes:

I was comparing treatment of attachments opened directly from emails on different platforms. I discovered that Linux builds save attachments in /tmp with world readable rights. This doesn't seem like a good thing. Couldn't someone else logged onto the same machine read your attachments?

[source]

This could expose the contents of downloaded files or email attachments to other users on a multi-user system.

References

Message	417C19F1.2040107@ptraced.net
URL	https://bugzilla.mozilla.org/show_bug.cgi?id=251297