Bug#882040: Something in Firefox writes to /tmp/tmpaddon
Josh Triplett
josh at joshtriplett.org
Fri Nov 17 22:32:43 UTC 2017
Package: firefox
Version: 57.0-1
Severity: normal
Something in Firefox seems to be writing addons to /tmp/tmpaddon as part
of the installation process. (Mentions in bugs like
https://bugzilla.mozilla.org/show_bug.cgi?id=1385303 seem to confirm
this.) This needs confirmation to make sure it isn't an insecure
tempfile vulnerability, but even if it isn't, it *should* be using a
secure temporary file name to avoid conflict with other users.
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages firefox depends on:
ii debianutils 4.8.3
ii fontconfig 2.12.3-0.2
ii libatk1.0-0 2.26.1-1
ii libc6 2.24-17
ii libcairo-gobject2 1.15.8-2
ii libcairo2 1.15.8-2
ii libdbus-1-3 1.12.2-1
ii libdbus-glib-1-2 0.108-3
ii libevent-2.1-6 2.1.8-stable-4
ii libffi6 3.2.1-6
ii libfontconfig1 2.12.3-0.2
ii libfreetype6 2.8.1-0.1
ii libgcc1 1:7.2.0-16
ii libgdk-pixbuf2.0-0 2.36.11-1
ii libglib2.0-0 2.54.2-1
ii libgtk-3-0 3.22.26-1
ii libgtk2.0-0 2.24.31-2
ii libhunspell-1.6-0 1.6.2-1
ii libjsoncpp1 1.7.4-3
ii libnspr4 2:4.16-1
ii libnss3 2:3.33-1
ii libpango-1.0-0 1.40.13-2
ii libsqlite3-0 3.21.0-1
ii libstartup-notification0 0.12-4+b2
ii libstdc++6 7.2.0-16
ii libvpx4 1.6.1-3
ii libx11-6 2:1.6.4-3
ii libx11-xcb1 2:1.6.4-3
ii libxcb-shm0 1.12-1
ii libxcb1 1.12-1
ii libxcomposite1 1:0.4.4-2
ii libxdamage1 1:1.1.4-3
ii libxext6 2:1.3.3-1+b2
ii libxfixes3 1:5.0.3-1
ii libxrender1 1:0.9.10-1
ii libxt6 1:1.1.5-1
ii procps 2:3.3.12-3
ii zlib1g 1:1.2.8.dfsg-5
firefox recommends no packages.
Versions of packages firefox suggests:
ii fonts-lmodern 2.004.5-3
pn fonts-stix | otf-stix <none>
ii libcanberra0 0.30-4
ii libgssapi-krb5-2 1.15.2-2
pn mozplugger <none>
-- no debconf information
More information about the pkg-mozilla-maintainers
mailing list