Open Bug 1140159 Opened 7 years ago Updated 7 years ago
downloaded files should be placed in a non-traversable subdirectory of /tmp to avoid leaking file metadata to other system users
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Build ID: 20150125222008 Steps to reproduce: This only affects Linux. Just go to some place that offers you to download something. On Firefox prompt, select open instead of save. Actual results: The file is downloaded into /tmp directory. It has permission u+r to prevent any other user to open it. Expected results: The file should be placed in some temporary directory in /tmp directory itself. The traverse right (+x) being only granted to the user. This would prevent to leak metadata information (file name, file size & so on) about what the user is browsing to the other users on the system.
I guess this is an extension to bug 1009465.
Component: Untriaged → Download Manager
Product: Firefox → Toolkit
Summary: Firefox has insecure usage of /tmp directory → downloaded files should be placed in a non-traversable subdirectory of /tmp to avoid leaking file metadata to other system users
You need to log in before you can comment on or make changes to this bug.