Closed
Bug 64274
Opened 24 years ago
Closed 24 years ago
Major security issue - files that mozilla put into /tmp are world-readable
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
People
(Reporter: tux, Assigned: pollmann)
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-3 i686; en-US; m18) Gecko/20001129
BuildID: 2000112921
I have discovered that when I fill some form in mozilla and submit it, it will
create a file called "formpost" or "formpost" + some number in /tmp directory.
Problem is that this file has permissions to be world-readable, so anyone with
read permission in /tmp directory (usually all people have read-write permission
there on most unix systems) can read it, possibly revealing passwords, email,
credit card numbers, etc ...
Reproducible: Always
Steps to Reproduce:
Submit any form with post method
look into /tmp for file called "formpost"
Actual Results: The file "formpost" is world-readable. (644 permission) It
should have only 600 permission)
Note that mozilla won't delete the files on exit
Expected Results: Set that file to be not world-readable
Comment 1•24 years ago
|
||
Over to form manager component, severity to major, I guess this is a dup.
Assignee: asa → morse
Severity: normal → major
Component: Browser-General → Form Manager
QA Contact: doronr → tpreston
Confirming and changing component to "Form Submission".
Assignee: morse → rods
Status: UNCONFIRMED → NEW
Component: Form Manager → Form Submission
Ever confirmed: true
Keywords: mozilla0.9,
nsbeta1
QA Contact: tpreston → vladimire
Comment 3•24 years ago
|
||
eric, I'll let you handle this one, I know it is a favorite of yours.
Assignee: rods → pollmann
Assignee | ||
Comment 5•24 years ago
|
||
Thanks Richard!
*** This bug has been marked as a duplicate of 15320 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
vrfy dupe of bug 15320 Forms/Necko: Temp file left after file upload
URL: any
Status: RESOLVED → VERIFIED
Updated•6 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•