 Mozilla Thunderbird/Firefox Insecure Temporary File Creation
Category: Vulnerability
Posted: 2004-11-20 by ReCall
Summary
Firefox is "a fast, full-featured browser that makes browsing more efficient than ever before."
"Thunderbird, our latest email program, includes intelligent spam filters, spell-checking, security, customization, and newsgroups support."

A problem in the way Firefox and Thunderbird create temporary files when viewing files / Email attachments enables an attacker to anticipate and read the files without any restriction.


Details
Vulnerable Systems:
* Mozilla version 1.7
* Mozilla Firefox version 0.9 up to 0.9.3 inclusive
* Mozilla Thunderbird version 0.6 up to 0.8 inclusive

When opening an attachment or a link included in an Email, Thunderbird prompts the user with a dialog box giving the choice to either "Save to Disk" or to "Open with" a default program registered to open the specific file type. Likewise, Firefox will prompt the user with the same options when opening a URL pointing to a known MIME type.

For example, if a PDF file is viewed in Thunderbird, one can see the presence of a temporary file in the temporary file folder (Linux for example):
broadcast:/tmp$ ls -l *.pdf
-rw------- 1 broadcast broadcast 2002560 2004-10-24 18:38 wskbq43m.pdf

While the dialog box is still open, the file permissions are OK, and the filename is random (except for the extension). If the file is saved to disk:
broadcast:/tmp$ ls -l *.pdf
ls: *.pdf: No such file or directory

Up until now everything works like a charm. However, when viewing with a specific viewer (such as xpdf for example) the filename changes from:
broadcast:/tmp$ ls -l *.pdf
-rw------- 1 broadcast broadcast 2002560 2004-10-24 18:42 hp1h30si.pd

to:
broadcast:/tmp$ ls -l *.pdf
-rw-r--r-- 1 broadcast broadcast 2002560 2004-10-24 18:42 programming.pdf

The file becomes world readable until the user closes xpdf (or any other associated viewer used). Also, the filename becomes predictable, but if the filename already exists on /tmp, Thunderbird will choose a similar filename.

Vendor Status:
Mozilla developers are aware of the issue (bug 251297) and have fixed it in the CVS. The upcoming Mozilla releases will be immune to this vulnerability.
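
One way to avoid the pattern described above, as an added example (not code from the original advisory and not Mozilla's actual fix): the hypothetical helper `stage_for_viewer` and the `/tmp/viewer-` prefix are assumptions. It keeps the attachment's readable name for the viewer but places the file inside a private `mkdtemp()` directory with owner-only permissions, so neither the name nor the contents are exposed in the shared /tmp.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose mkdtemp() under strict compiler modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (assumption, not Mozilla code): stage `data` for an
 * external viewer under the attachment's own leaf name.
 * Returns 0 and fills `out` with the staged path, or -1 on failure. */
int stage_for_viewer(const char *leaf, const void *data, size_t len,
                     char *out, size_t outlen)
{
    /* Reject leaf names that could escape the private directory. */
    if (!leaf[0] || strchr(leaf, '/') || !strcmp(leaf, ".") || !strcmp(leaf, ".."))
        return -1;

    /* mkdtemp() creates a randomly named directory with mode 0700, so the
     * predictable leaf name is never visible to other users of /tmp. */
    char dir[] = "/tmp/viewer-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;

    int fd = -1, n = snprintf(out, outlen, "%s/%s", dir, leaf);
    /* O_CREAT|O_EXCL fails if the name already exists, symlinks included. */
    if (n > 0 && (size_t)n < outlen)
        fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        /* fchmod() pins the mode to 0600 whatever the process umask is. */
        if (fchmod(fd, 0600) == 0 && write(fd, data, len) == (ssize_t)len)
            return close(fd);
        close(fd);
        unlink(out);
    }
    rmdir(dir);
    return -1;
}

int main(void)
{
    char path[256];
    const char body[] = "constructed sample attachment"; /* constructed input */
    if (stage_for_viewer("programming.pdf", body, sizeof body - 1, path, sizeof path))
        return 1;
    puts(path);   /* path to hand to the viewer */
}
```

The caller is expected to remove the file and its directory once the viewer exits.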
 