Comment 78 for bug 95507

(From update of attachment 390806)
>+ tmpDir->CreateUnique(nsIFile::DIRECTORY_TYPE, 0775);

Any reason for g+w here? Is this relying on umask.

>+ rv = NS_NewLocalFileOutputStream(getter_AddRefs(outputStream), tmpDir);

And does this just use umask?

I guess the destination app will copy permissions from the file.

Often mail is considered private and apps seem to use go-r even if umask is more permissive.
We don't know that this data is mail here, but I think it would be better to err on the side of being private for this data of unknown nature: 0700 for the dir, and 0600 for the file.