```
CVE-??:
title: Opened attachments are saved world-readable
impact: moderate
reporter: Pierre Sauter
description: |
Thunderbird 91.4.1-91.6.1 saves opened attachment files in the temporary
directory with world-readable permissions.
bugs:
- url: 1753242
```
Kai - We'd like advisory for this bug.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1959604
Title:
[upstream] Thunderbird 91.5.0 regression: writes attachments to /tmp
readable to everyone
Status in Mozilla Thunderbird:
Fix Released
Status in thunderbird package in Ubuntu:
Triaged
Bug description:
thunderbird saves opened attachments to /tmp with permissions
according to umask setting. This was fixed a long time ago with a
protected folder /tmp/mozilla_${USER}0 and was still working correctly
as of version 78.14.0+build1-0ubuntu0.20.04.2. The recent update to
1:91.5.0+build1-0ubuntu0.20.04.1 reintroduced the bug.
Ubuntu 20.04.3 LTS
Kernel release: 5.13.0-25-generic
Architecture: x86_64
To manage notifications about this bug go to:
https://bugs.launchpad.net/thunderbird/+bug/1959604/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
