Information leak of file names being viewed from web pages




File Handling
12 years ago
a year ago


(Reporter: John R. Moser, Unassigned)


({privacy, sec-low})

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [sg:low])



12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4

Information leaks appear in Firefox and Thunderbird that allow limited tracking
of user activity on multi-user systems.  In particular, it is possible to see
the file names and sizes of files viewed from web pages or opened from e-mail
attachments.  This information is typically hidden from other users, because
browser history and e-mail content is not accessible from other accounts.

Although this bug is illustrated on Linux, it affects all Unicies most likely,
and could have fixable scope on Windows.

Reproducible: Always

Steps to Reproduce:
1.  Open Firefox
2.  Go to
3.  Open an mp3 file in Totem et al from the site; do NOT save to disk first
4.  Look at /tmp and find the file name
5.  Google for the file name (without .mp3 perhaps, perhaps parts of it)
6.  Find your way BACK to the original file either directly or through forums
7.  Verify size and filename
8.  Check it out, you just forensically reconstructed your previous activities
in minutes!

If it's thunderbird,
1.  Open an attachment from a message
2.  Look in /tmp and find the file name
3.  Ponder what kinds of damaging file names could be there
("drakon_project_TS_finance.xls" could represent a leak of a top secret project
Actual Results:  
Light information leak.

Expected Results:  
Can't find this stuff unless you own the files.

Fixing this is easy.

char tmpdir[20];
char pathname[255];
tmpdir   = mkdtemp("/tmp/firefox_XXXXXX"); /*make temporary directory,
                                            mode 0700*/
snprintf(pathname, "%s/%s", tmpdir, filename); /*Make a path at

Using mkdtemp() like this will allow Firefox to create a unique temporary
directory with restrictive permissions in /tmp at startup, and store files in
there.  This in turn will prevent other users from simply looking into the
temporary directory (because it's drwx------) and seeing the filenames and sizes.


12 years ago
Keywords: privacy

Comment 1

12 years ago
Making public per Bluefox in #firefox.
Group: security
Whiteboard: [sg:investigate]
Confirming, this is a privacy leak for users on a shared-access machine.
Ever confirmed: true
Whiteboard: [sg:investigate] → [sg:local]
Whiteboard: [sg:local] → [sg:low]

Comment 3

7 years ago
i think fixing this is probably best done closer to xpcom...
Component: Security → File Handling
Product: Firefox → Core
QA Contact: firefox → file-handling
Version: unspecified → Trunk
Keywords: sec-low


a year ago
Component: File Handling → File Handling
Product: Core → Firefox
Version: Trunk → unspecified
You need to log in before you can comment on or make changes to this bug.