December 30, 2001

Mozilla Personal Security Manager uses unsafe temporary files

Author: JT Smith

_NoDDingDog tells us about this: Mozilla Personal Security Manager uses unsafe temporary files and may allow local users to overwrite critical files on the server. Version(s): Mozilla 0.8.
A local user can create a symbolic link from a temporary file used by the Mozilla Personal Security Manager (PSM) to another critical file. Then, when a privileged user accesses a secure web site, thereby invoking Mozilla PSM, the linked file will be overwritten.
More at Securitytracker.com

Category:

  • Linux
Click Here!