Using Thunderbird 38.8.0 in Ubuntu 16.04, when I open a pdf I now get a
-r 1 thomas thomas 19K Jun 16 18:28 filename.pdf
So nobody can read the file, which is 95% of the security fix. The
remaining 5% would be to not expose the file name to other users.
That's exactly how it is done for
The rights setting in /tmp is 644, not 755.
Anyway, what is so complicated about setting them to 600?
And by the way, couldn't these files be deleted at some time?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://b
Bug continues, all users of thunderbird use /tmp as 755 so everybody can
read attachments that one user has opened. Is there any straight
solution? It's a great fail of security.
--
** Changed in: thunderbird
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1401454
Title:
Thunderbird writes attachments to /tmp readable t
As the discussion about this was going on for 8 years in the mozilla
community, I suggest to at least set permissions right in the distros.
For the moment, there is only one path (which is /tmp) and there is only
the original name used. That said, concurrent users could overwrite
their temporary f
I was wrong. Not overwrite, just read. Which makes it even less probable
to break things.
--
** Changed in: thunderbird
Status: In Progress => Confirmed
--
I don't think you should pay so much attention to the "assignee" field
or the status. Both are often bogus.
--
vipul, who is assigned to this bug, was last active in 2010, so please
remove him from this bug and change the status to NEW.
--
Yes, I have read that comment. But it is two years old, so the question
still remains the same: Why is it not fixed yet? If the author doesn't
have the time to finish it, maybe someone else could help out? Also
someone else than the author of the patch is assigned to this bug and
therefore responsi
The patch is not approved because the patch author doesn't think it's
ready. See comment 40, which I assume you _did_ read before commenting?
--
This over 7 year old bug is security related and still valid in
Thunderbird 31.3. So why is the patch not approved? On home computers
this is not a big issue but in companies with multi-user setup it really
is, so this needs to be fixed fast.
--
Launchpad has imported 42 comments from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=377630.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://he
** Bug watch added: Mozilla Bugzilla #377630
https://bugzilla.mozilla.org/show_bug.cgi?id=377630
** Also affects: thunderbird via
https://bugzilla.mozilla.org/show_bug.cgi?id=377630
Importance: Unknown
Status: Unknown
** Information type changed from Private Security to Public Sec