Using Thunderbird 38.8.0 in Ubuntu 16.04, when I open a pdf I now get a
-r-------- 1 thomas thomas 19K Jun 16 18:28 filename.pdf
So nobody can read the file, which is 95% of the security fix. The remaining 5% would be to not expose the file name to other users.
That's exactly how it is done for Mozilla Firefox 47.0/Ubuntu 16.04:
Firefox now uses a directory which is only accessible by the user:
drwx------ 1 thomas thomas 1,9K Jun 16 18:08 mozilla_thomas0
Thereby, using Firefox, the file names of temporary files in the directory are no longer exposed to other users. Would be great to have the same behaviour in Thunderbird as well.
Using Thunderbird 38.8.0 in Ubuntu 16.04, when I open a pdf I now get a
-r-------- 1 thomas thomas 19K Jun 16 18:28 filename.pdf
So nobody can read the file, which is 95% of the security fix. The remaining 5% would be to not expose the file name to other users.
That's exactly how it is done for Mozilla Firefox 47.0/Ubuntu 16.04:
Firefox now uses a directory which is only accessible by the user:
drwx------ 1 thomas thomas 1,9K Jun 16 18:08 mozilla_thomas0
Thereby, using Firefox, the file names of temporary files in the directory are no longer exposed to other users. Would be great to have the same behaviour in Thunderbird as well.