Mozilla Predictable Temporary File Symbolic Link Attack Vulnerability

Mozilla is a freely available, open source web browser. It is maintained and distributed by the Mozilla project.

When Mozilla is used to visit a secure site, it creates the file .nmsc-0-lock in the /tmp directory insecurely: it does not check for an existing file or symbolic link of that name. A local user can create a symbolic link at that path pointing to a file owned by another user; when that other user runs Mozilla and visits a secure site, the linked file is overwritten.


 

Copyright 2010, SecurityFocus