Yes, I have read that comment. But it is two years old, so the question still remains the same: Why is it not fixed yet? If the author doesn't have the time to finish it, maybe someone else could help out? Also someone else than the author of the patch is assigned to this bug and therefore responsible for it. This was just a reminder that the bug is still valid, still a big security issue for professional users and that it hopefully won't be open for another 7 years. Still appreciating what the devs do in their free time.
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to thunderbird in Ubuntu. https://bugs.launchpad.net/bugs/1401454 Title: Thunderbird writes attachments to /tmp readable to everyone Status in Mozilla Thunderbird Mail and News: In Progress Status in thunderbird package in Ubuntu: Confirmed Bug description: When I open an attachment of an email in Thunderbird it gets written to disk with permission 644, so it is readable by everyone on the system. How to repeat: Open an E-Mail, Open an Attachment (e.g. google.png) $ cd /tmp; ls -lh -rw-r--r-- 1 theuser thegroup 2,4K Dez 11 10:39 google.png Instead, Thunderbird should write the file with permissions 600. Plus, to avoid conflicts between users, the file should be written into a directory per user, e.g. /tmp/theuser/google.png or another user specific temp directory. To manage notifications about this bug go to: https://bugs.launchpad.net/thunderbird/+bug/1401454/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
