← Back to team overview

desktop-packages team mailing list archive

[Bug 1401454]


This over 7 year old bug is security related and still valid in
Thunderbird 31.3. So why is the patch not approved? On home computers
this is not a big issue but in companies with multi-user setup is really
is, so this needs to be fixed fast.

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.

  Thunderbird writes attachments to /tmp readable to everyone

Status in Mozilla Thunderbird Mail and News:
  In Progress
Status in thunderbird package in Ubuntu:

Bug description:
  When I open an attachment of an email in Thunderbird it gets written
  to disk with permission 644, so it is readable by everyone on the

  How to repeat: Open an E-Mail, Open an Attachment (e.g. google.png)

  $ cd /tmp; ls -lh
  -rw-r--r-- 1 theuser thegroup 2,4K Dez 11 10:39 google.png

  Instead, Thunderbird should write the file with permissions 600. Plus,
  to avoid conflicts between users, the file should be written into a
  directory per user, e.g. /tmp/theuser/google.png or another user
  specific temp directory.

To manage notifications about this bug go to: