Comment 0 for bug 26040

In , S. Thommerel (silvere-thommerel) wrote:

Package: mozilla-firefox
Version: 1.0.7-1
Severity: critical
Tags: security
Justification: root security hole

To reproduce this bug:

 su root and then load firefox from the term. Then launch firefox from
 another unrelated and normal user terminal. The newly launched firefox reads root's
 profile and gets root's rights.

 I normally have no rights to save anything in /usr/share with my user
 account. I used firefox as root to go and grab an icon for xfce4 that I
 could save in /usr/share/pixmaps. After that the download tab was the
 only remaining part of root's firefox.
 I loaded firefox (normal user account) and it didn't show my normal
 homepage. I tried to save google's logo in /usr/share/pixmaps. It
 worked!!!

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=fr_FR (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to POSIX)

Versions of packages mozilla-firefox depends on:
ii debianutils 2.15.1 Miscellaneous utilities specific t
ii fontconfig 2.3.2-1 generic font configuration library
ii libatk1.0-0 1.10.3-1 The ATK accessibility toolkit
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libfontconfig1 2.3.2-1 generic font configuration library
ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib
ii libgcc1 1:4.0.2-2 GCC support library
ii libglib2.0-0 2.8.3-1 The GLib library of C routines
ii libgtk2.0-0 2.6.10-1 The GTK+ graphical user interface
ii libidl0 0.8.5-1 library for parsing CORBA IDL file
ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries
ii libpango1.0-0 1.8.2-3 Layout and rendering of internatio
ii libpng12-0 1.2.8rel-5 PNG library - runtime
ii libstdc++6 4.0.2-2 The GNU Standard C++ Library v3
ii libx11-6 6.8.2.dfsg.1-7 X Window System protocol client li
ii libxext6 6.8.2.dfsg.1-7 X Window System miscellaneous exte
ii libxft2 2.1.7-1 FreeType-based font drawing librar
ii libxinerama1 6.8.2.dfsg.1-7 X Window System multi-head display
ii libxp6 6.8.2.dfsg.1-7 X Window System printing extension
ii libxt6 6.8.2.dfsg.1-7 X Toolkit Intrinsics
ii psmisc 21.8-1 Utilities that use the proc filesy
ii xlibs 6.8.2.dfsg.1-7 X Window System client libraries m
ii zlib1g 1:1.2.3-4 compression library - runtime

mozilla-firefox recommends no packages.

-- no debconf information
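A defensive pre-launch check for the situation the report describes, added here as an example and not part of the bug report or of the Debian package: it parses `ps` output and refuses to start Firefox when a Firefox process owned by a different user (root's leftover instance in the report) is already running, since the report shows the new launch can end up with that instance's rights. The matched process names, the `launch_firefox_guarded` wrapper and the sample `ps` lines are constructed assumptions.

```sh
#!/bin/sh
# foreign_firefox_owners PS_OUTPUT ME
#   PS_OUTPUT: lines of "user command" as produced by `ps -eo user=,comm=`
#   ME:        the invoking user's name
# Prints every other user that owns a Firefox process, one per line.
# Returns 0 if at least one such user was found, 1 otherwise.
# Note: `ps` truncates long user names (e.g. "longname+"), so the owner
# column is only compared against the caller's own name, never trusted further.
foreign_firefox_owners() {
    printf '%s\n' "$1" | awk -v me="$2" '
        # assumed binary names for the 1.0.x Debian package
        $2 ~ /^(firefox|firefox-bin|mozilla-firefox)$/ && $1 != me { seen[$1] = 1 }
        END {
            n = 0
            for (u in seen) { print u; n++ }
            if (n == 0) exit 1
            exit 0
        }'
}

# Wrapper to use instead of plain `firefox`: aborts if another user's
# instance is up (root left one open after `su` in the report).
launch_firefox_guarded() {
    me=$(id -un)
    if owners=$(foreign_firefox_owners "$(ps -eo user=,comm=)" "$me"); then
        echo "Refusing to start firefox: an instance is already running as: $owners" >&2
        return 1
    fi
    exec firefox "$@"
}

# Constructed sample of `ps -eo user=,comm=` output, for demonstration only.
SAMPLE_PS='root     init
root     firefox-bin
silvere  bash
silvere  xfce4-panel'
```

Invoke as `launch_firefox_guarded "$@"` from a wrapper script placed ahead of the real binary in `PATH`; against `SAMPLE_PS` the check reports `root` for user `silvere` and nothing for `root` itself.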