Mozilla Suite, Firefox and Thunderbird Debug Mode Insecure Temporary File Creation Vulnerability

Mozilla Suite, Firefox and Thunderbird Debug Mode Insecure Temporary File Creation Vulnerability

Mozilla Suite, Firefox, and Thunderbird create temporary files in an insecure manner.

A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created. When the program tries to perform an operation on a temporary file, it will instead perform the operation on the file pointed to by the malicious symbolic link.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

Note that this issue occurs only when the affected application is run in 'debug' mode.