[Pkg-mozext-maintainers] Bug#740759: xpi-repack: insecure use of /tmp
Jakub Wilk
jwilk at debian.org
Tue Mar 4 19:22:08 UTC 2014
Package: mozilla-devscripts
Version: 0.35
Severity: important
Tags: security patch
xpi-repack uses a subdirectory of /tmp with a predictable name.
A malicious local user could exploit this flaw to cause denial of service,
or, if they win the race, to tamper with the unpacked xpi.
Patch attached.
--
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xpi-repack-mkdtemp.diff
Type: text/x-diff
Size: 903 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozext-maintainers/attachments/20140304/ab34c3a0/attachment.diff>
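
The flaw class described in this report, shown as an added example. It is not xpi-repack's code and not the attached patch. It contrasts a predictable work directory with one created by mkdtemp. The fixed directory name, the function names and the planted file are hypothetical, and tmp_root stands in for /tmp.

```python
import os
import stat
import tempfile


def unsafe_workdir(tmp_root, name="xpi-repack.work"):
    """Predictable path: silently reuses whatever already exists there."""
    path = os.path.join(tmp_root, name)  # hypothetical fixed name
    if not os.path.isdir(path):
        os.mkdir(path)
    return path


def safe_workdir(tmp_root):
    """mkdtemp picks an unpredictable name and creates it atomically,
    readable and writable only by the calling user."""
    return tempfile.mkdtemp(prefix="xpi-repack.", dir=tmp_root)


def demo():
    # Constructed scenario: the "planted" directory represents one that
    # another local user created under the shared temp root beforehand.
    with tempfile.TemporaryDirectory() as tmp_root:
        planted = os.path.join(tmp_root, "xpi-repack.work")
        os.mkdir(planted)
        with open(os.path.join(planted, "install.rdf"), "w") as fh:
            fh.write("not ours\n")

        unsafe = unsafe_workdir(tmp_root)
        safe = safe_workdir(tmp_root)
        return {
            "unsafe_reused_foreign_dir": unsafe == planted,
            "unsafe_contents": sorted(os.listdir(unsafe)),
            "safe_is_new": safe != planted,
            "safe_contents": os.listdir(safe),
            "safe_mode": stat.S_IMODE(os.stat(safe).st_mode),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```
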