Bug#882040: Something in Firefox writes to /tmp/tmpaddon
Mike Hommey
mh at glandium.org
Fri Nov 17 23:03:21 UTC 2017
On Fri, Nov 17, 2017 at 02:32:43PM -0800, Josh Triplett wrote:
> Package: firefox
> Version: 57.0-1
> Severity: normal
>
> Something in Firefox seems to be writing addons to /tmp/tmpaddon as part
> of the installation process. (Mentions in bugs like
> https://bugzilla.mozilla.org/show_bug.cgi?id=1385303 seem to confirm
> this.) This needs confirmation to make sure it isn't an insecure
> tempfile vulnerability, but even if it isn't, it *should* be using a
> secure temporary file name to avoid conflict with other users.
toolkit/mozapps/extensions/internal/ProductAddonChecker.jsm does:
let f = await OS.File.openUnique(OS.Path.join(OS.Constants.Path.tmpDir, "tmpaddon"))
toolkit/mozapps/extensions/internal/XPIProvider.jsm does:
let path = OS.Path.join(OS.Constants.Path.tmpDir, "tmpaddon");
let unique = await OS.File.openUnique(path);
Those are the only two references to "tmpaddon", and openUnique creates
unique file names with the given prefix. So this shouldn't be happening.
Mike
More information about the pkg-mozilla-maintainers
mailing list