Mozilla Foundation Security Advisory 2005-28

Title: Unsafe /tmp/plugtmp directory exploitable to erase user's files
Severity: Critical (local)
Risk: High (on shared machine, low otherwise)
Reporter: Tavis Ormandy
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.0.1
  Mozilla Suite 1.7.6


A predictable name (/tmp/plugtmp) is used for the plugin temporary directory. A malicious local user could create a symlink with this name pointing to the victim's home directory and wait for the victim to run Firefox. When Firefox shuts down, the victim's directory would be erased.
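
The defensive pattern for this class of bug, as an added example (not Mozilla's actual fix and not code from this advisory): create the scratch directory with an unpredictable name, and refuse to clean up anything that is not a real directory owned by the current user. The function names and the `plugtmp-XXXXXX` template are assumptions chosen for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a private scratch directory with an unpredictable name.
 * mkdtemp() fails instead of reusing an existing entry (so a planted
 * symlink is never adopted) and creates the directory with mode 0700.
 * On success buf holds the resulting path. Hypothetical helper. */
int make_private_tmpdir(char *buf, size_t len)
{
    const char *base = getenv("TMPDIR");
    if (!base || !*base)
        base = "/tmp";
    int n = snprintf(buf, len, "%s/plugtmp-XXXXXX", base);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return mkdtemp(buf) ? 0 : -1;
}

/* Gate for recursive cleanup at shutdown. lstat() does not follow
 * symlinks, so a link reports S_IFLNK and is rejected here even when
 * its target is a directory. Returns 1 only for a real directory owned
 * by the effective user and not writable by group or other. */
int is_safe_to_clean(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != geteuid())
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(void)
{
    char dir[4096];
    if (make_private_tmpdir(dir, sizeof dir) != 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("created %s, safe to clean: %d\n", dir, is_safe_to_clean(dir));
    return rmdir(dir) == 0 ? 0 : 1;
}
```

The check-then-clean sequence holds because the parent /tmp is expected to have the sticky bit set, so another user cannot rename or replace a directory they do not own between the two steps.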