Open
Bug 1140159
Opened 10 years ago
Updated 2 years ago
downloaded files should be placed in a non-traversable subdirectory of /tmp to avoid leaking file metadata to other system users
Categories
(Toolkit :: Downloads API, defect)
UNCONFIRMED
People
(Reporter: pierre, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150125222008

Steps to reproduce:

This only affects Linux. Just go to some place that offers you something to download. At the Firefox prompt, select Open instead of Save.

Actual results:

The file is downloaded into the /tmp directory. It has permission u+r to prevent any other user from opening it.

Expected results:

The file should be placed in some temporary directory in the /tmp directory itself, with the traverse right (+x) granted only to the user. This would prevent leaking metadata information (file name, file size and so on) about what the user is browsing to the other users on the system.
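The layout requested in the description above, as an added example (not Firefox code and not written by the reporter): a per-download directory created with mkdtemp(3), which other users can neither list nor traverse, holding the downloaded file. The function names, the dl-XXXXXX template, the sample file name and the TMPDIR fallback are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; function names and the "dl-XXXXXX" template are hypothetical.
 * Creates <tmp>/dl-XXXXXX (0700) and the file `leaf` (0600) inside it. Returns
 * an open fd and the directory path in dir_out, or -1 on failure. */
int private_download_open(const char *leaf, char *dir_out, size_t dir_len)
{
    const char *tmp = getenv("TMPDIR");
    if (!tmp || !*tmp) tmp = "/tmp";
    /* Reject leaf names that could escape the private directory. */
    if (!*leaf || strchr(leaf, '/') || !strcmp(leaf, ".") || !strcmp(leaf, ".."))
        return -1;
    if ((size_t)snprintf(dir_out, dir_len, "%s/dl-XXXXXX", tmp) >= dir_len)
        return -1;
    /* mkdtemp(3) picks an unused name and creates the directory with 0700. */
    if (!mkdtemp(dir_out)) return -1;
    int dfd = open(dir_out, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    /* O_EXCL | O_NOFOLLOW: never reuse or follow a pre-existing entry. */
    int fd = openat(dfd, leaf, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    close(dfd);
    return fd;
}

/* Returns 1 if `path` is owned by the caller and grants nothing to group or
 * other (so they cannot list, traverse or read it), 0 otherwise. */
int is_private_to_caller(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return st.st_uid == geteuid() && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

int main(void)
{
    char dir[PATH_MAX];
    int fd = private_download_open("report.pdf", dir, sizeof dir);
    if (fd < 0) { perror("private_download_open"); return 1; }
    printf("%s private=%d\n", dir, is_private_to_caller(dir));
    close(fd);
    return 0;
}
```

With the directory at 0700, another local user running ls or stat under it gets EACCES, so the file's name, size and timestamps are no longer visible from /tmp itself.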
Comment 1•10 years ago
I guess this is an extension to bug 1009465.
Component: Untriaged → Download Manager
Product: Firefox → Toolkit
Summary: Firefox has insecure usage of /tmp directory → downloaded files should be placed in a non-traversable subdirectory of /tmp to avoid leaking file metadata to other system users
Updated•2 years ago
Severity: normal → S3