Bug#882040: Something in Firefox writes to /tmp/tmpaddon

Josh Triplett josh at joshtriplett.org
Fri Nov 17 22:32:43 UTC 2017 

Package: firefox
Version: 57.0-1
Severity: normal

Something in Firefox seems to be writing addons to /tmp/tmpaddon as part
of the installation process. (Mentions in bugs like
https://bugzilla.mozilla.org/show_bug.cgi?id=1385303 seem to confirm
this.) This needs confirmation to make sure it isn't an insecure
tempfile vulnerability, but even if it isn't, it *should* be using a
secure temporary file name to avoid conflict with other users.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox depends on:
ii  debianutils               4.8.3
ii  fontconfig                2.12.3-0.2
ii  libatk1.0-0               2.26.1-1
ii  libc6                     2.24-17
ii  libcairo-gobject2         1.15.8-2
ii  libcairo2                 1.15.8-2
ii  libdbus-1-3               1.12.2-1
ii  libdbus-glib-1-2          0.108-3
ii  libevent-2.1-6            2.1.8-stable-4
ii  libffi6                   3.2.1-6
ii  libfontconfig1            2.12.3-0.2
ii  libfreetype6              2.8.1-0.1
ii  libgcc1                   1:7.2.0-16
ii  libgdk-pixbuf2.0-0        2.36.11-1
ii  libglib2.0-0              2.54.2-1
ii  libgtk-3-0                3.22.26-1
ii  libgtk2.0-0               2.24.31-2
ii  libhunspell-1.6-0         1.6.2-1
ii  libjsoncpp1               1.7.4-3
ii  libnspr4                  2:4.16-1
ii  libnss3                   2:3.33-1
ii  libpango-1.0-0            1.40.13-2
ii  libsqlite3-0              3.21.0-1
ii  libstartup-notification0  0.12-4+b2
ii  libstdc++6                7.2.0-16
ii  libvpx4                   1.6.1-3
ii  libx11-6                  2:1.6.4-3
ii  libx11-xcb1               2:1.6.4-3
ii  libxcb-shm0               1.12-1
ii  libxcb1                   1.12-1
ii  libxcomposite1            1:0.4.4-2
ii  libxdamage1               1:1.1.4-3
ii  libxext6                  2:1.3.3-1+b2
ii  libxfixes3                1:5.0.3-1
ii  libxrender1               1:0.9.10-1
ii  libxt6                    1:1.1.5-1
ii  procps                    2:3.3.12-3
ii  zlib1g                    1:1.2.8.dfsg-5

firefox recommends no packages.

Versions of packages firefox suggests:
ii  fonts-lmodern          2.004.5-3
pn  fonts-stix | otf-stix  <none>
ii  libcanberra0           0.30-4
ii  libgssapi-krb5-2       1.15.2-2
pn  mozplugger             <none>

-- no debconf information

More information about the pkg-mozilla-maintainers mailing list