Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Insecure file permissions in the Firefox browser for Linux >= v0.9

Insecure file permissions in the Firefox browser for Linux >= v0.9

From: Max <spamhole_at_gmx.at>
Date: Mon, 13 Sep 2004 21:12:16 +0200

after installing firefox many of the permissions are set to 777, allowing
anyone on the system to change the contents of the (executable) files.

this first occured in the 0.9 release (in the tar.gz release as well as in the
installer). the problem (or is it called a feature now?) still exists in the
latest release v0.9.3.

the problem was reported on bugzilla long long time ago by myself and others.

lunanova:/tmp# tar xzf firefox-0.9.3-i686-linux-gtk2+xft-installer.tar.gz
lunanova:/tmp# cd firefox-installer/
lunanova:/tmp/firefox-installer# ./firefox-installer
# ... installing to /tmp/firefox-0.9.3
lunanova:/tmp/firefox-installer# exit
max_at_lunanova:~$ cd /tmp/firefox-0.9.3
max_at_lunanova:/tmp/firefox-0.9.3$ echo 'echo "oops"' > run-mozilla.sh
max_at_lunanova:/tmp/firefox-0.9.3$ ./firefox
oops
max_at_lunanova:/tmp/firefox-0.9.3$ ls -l
total 12676
drwxr-xr-x 4 root root 4096 Sep 13 21:02 chrome
drwxr-xr-x 3 root root 4096 Sep 13 21:02 components
drwxr-xr-x 5 root root 4096 Sep 13 21:02 defaults
drwxr-xr-x 2 root root 4096 Sep 13 21:02 extensions
-rwxr-xr-x 1 root root 4775 Aug 3 14:14 firefox
-rwxr-xr-x 1 root root 9758932 Aug 3 14:14 firefox-bin
drwxr-xr-x 2 root root 4096 Sep 13 21:02 greprefs
-rw-r--r-- 1 root root 29364 Sep 13 21:02 install.log
-rwxrwxrwx 1 root root 441204 Aug 3 14:14 libmozjs.so
-rwxrwxrwx 1 root root 177164 Aug 3 14:14 libnspr4.so
-rwxrwxrwx 1 root root 405372 Aug 3 14:14 libnss3.so
-rwxrwxrwx 1 root root 170068 Aug 3 14:14 libnssckbi.so
-rwxrwxrwx 1 root root 15272 Aug 3 14:14 libplc4.so
-rwxrwxrwx 1 root root 8240 Aug 3 14:14 libplds4.so
-rwxrwxrwx 1 root root 134188 Aug 3 14:14 libsmime3.so
-rw-rw-rw- 1 root root 476 Aug 3 14:14 libsoftokn3.chk
-rwxrwxrwx 1 root root 419824 Aug 3 14:14 libsoftokn3.so
-rwxrwxrwx 1 root root 125376 Aug 3 14:14 libssl3.so
-rwxrwxrwx 1 root root 661232 Aug 3 14:14 libxpcom.so
-rwxrwxrwx 1 root root 94888 Aug 3 14:14 libxpcom_compat.so
-rwxrwxrwx 1 root root 7736 Aug 3 14:14 libxpistub.so
-rwxrwxrwx 1 root root 236615 Aug 3 14:14 mozilla-xremote-client
drwxr-xr-x 2 root root 4096 Sep 13 21:02 plugins
-rw-r--r-- 1 root root 335 Sep 13 21:02 registry
drwxr-xr-x 7 root root 4096 Sep 13 21:02 res
-rwxrwxrwx 1 root root 12 Sep 13 21:03 run-mozilla.sh
drwxr-xr-x 2 root root 4096 Sep 13 21:02 searchplugins
-rwxrwxrwx 1 root root 147500 Aug 3 14:14 xpicleanup
.. subdirs dont look much better.
Received on Sep 13 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]