User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4

Information leaks appear in Firefox and Thunderbird that allow limited tracking of user activity on multi-user systems. In particular, it is possible to see the file names and sizes of files viewed from web pages or opened from e-mail attachments. This information is typically hidden from other users, because browser history and e-mail content are not accessible from other accounts.

Although this bug is illustrated on Linux, it affects all Unices most likely, and could have fixable scope on Windows.

Reproducible: Always

Steps to Reproduce:
1. Open Firefox
2. Go to http://www.ocremix.org/
3. Open an mp3 file in Totem et al from the site; do NOT save to disk first
4. Look at /tmp and find the file name
5. Google for the file name (without .mp3 perhaps, perhaps parts of it)
6. Find your way BACK to the original file either directly or through forums
7. Verify size and filename
8. Check it out, you just forensically reconstructed your previous activities in minutes!

If it's Thunderbird:
1. Open an attachment from a message
2. Look in /tmp and find the file name
3. Ponder what kinds of damaging file names could be there ("drakon_project_TS_finance.xls" could represent a leak of a top secret project name?)

Actual Results:
Light information leak.

Expected Results:
Can't find this stuff unless you own the files.

Fixing this is easy.

    #include <limits.h>  /* PATH_MAX */
    #include <stdio.h>   /* snprintf */
    #include <stdlib.h>  /* mkdtemp */

    char tmpl[] = "/tmp/firefox_XXXXXX"; /* writable template; mkdtemp() fills in the X's in place */
    char pathname[PATH_MAX];
    char *tmpdir = mkdtemp(tmpl); /* make temporary directory, mode 0700 */
    if (tmpdir != NULL)
        snprintf(pathname, sizeof(pathname), "%s/%s", tmpdir, filename); /* make a path at /tmp/firefox_??????/$(filename) */

Using mkdtemp() like this will allow Firefox to create a unique temporary directory with restrictive permissions in /tmp at startup, and store files in there. This in turn will prevent other users from simply looking into the temporary directory (because it's drwx------) and seeing the filenames and sizes.
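The mkdtemp() approach proposed in the report, carried through to file creation, as an added example that is not code from the report or from Mozilla. The function names, the /tmp/example_ prefix and the sample file name are assumptions, and rejecting names that contain '/' goes one step beyond what the report discusses.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* mkdtemp(), O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a per-session directory under /tmp (mkdtemp() requests mode 0700)
 * and confirm what other users will see. Returns 0 on success, -1 on error. */
int make_private_tmpdir(char *dir, size_t dirlen)
{
    struct stat st;
    int n = snprintf(dir, dirlen, "/tmp/example_XXXXXX"); /* assumed prefix */
    if (n < 0 || (size_t)n >= dirlen || mkdtemp(dir) == NULL)
        return -1;
    /* Must be a directory we own with no group/other permission bits. */
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        return -1;
    return 0;
}

/* Create dir/filename exclusively with mode 0600 and return its descriptor.
 * Empty names, "." / ".." and names containing '/' are rejected so that a
 * remotely supplied name cannot land outside the private directory. */
int open_private_file(const char *dir, const char *filename, char *path, size_t pathlen)
{
    int n;
    if (filename[0] == '\0' || strchr(filename, '/') != NULL ||
        strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
        return -1;
    n = snprintf(path, pathlen, "%s/%s", dir, filename);
    if (n < 0 || (size_t)n >= pathlen)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

int main(void)
{
    char dir[PATH_MAX], path[PATH_MAX];
    if (make_private_tmpdir(dir, sizeof dir) != 0) return 1;
    int fd = open_private_file(dir, "attachment.xls", path, sizeof path); /* constructed name */
    if (fd < 0) return 1;
    printf("created %s\n", path); close(fd); unlink(path); rmdir(dir);
    return 0;
}
```

Other accounts can still see that a randomly named directory exists in /tmp, but not the names or sizes of the files inside it.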
Making public per Bluefox in #firefox.
Confirming, this is a privacy leak for users on a shared-access machine.
I think fixing this is probably best done closer to xpcom...