Open Bug 1140159 Opened 10 years ago Updated 2 years ago

downloaded files should be placed in a non-traversable subdirectory of /tmp to avoid leaking file metadata to other system users

Categories

(Toolkit :: Downloads API, defect)

35 Branch
x86_64
Linux
defect

Tracking

()

UNCONFIRMED

People

(Reporter: pierre, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150125222008

Steps to reproduce:

This only affects Linux.
Just go to some place that offers you to download something. On Firefox prompt, select open instead of save.


Actual results:

The file is downloaded into /tmp directory. It has permission u+r to prevent any other user to open it.


Expected results:

The file should be placed in some temporary directory in /tmp directory itself. The traverse right (+x) being only granted to the user. This would prevent to leak metadata information (file name, file size & so on) about what the user is browsing to the other users on the system.
I guess this is an extension to bug 1009465.
Component: Untriaged → Download Manager
Product: Firefox → Toolkit
Summary: Firefox has insecure usage of /tmp directory → downloaded files should be placed in a non-traversable subdirectory of /tmp to avoid leaking file metadata to other system users
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.