[Secure-testing-team] Bug#659376: netsurf: world-readable cookie jar
Jakub Wilk
jwilk at debian.org
Fri Feb 10 15:44:08 UTC 2012

Package: netsurf
Version: 1.2-1
Severity: grave
Tags: security
Justification: user security hole

$ ls -ld ~/.netsurf/{,Cookies}
drwxr-xr-x 2 user users 4096 Feb 9 23:32 /home/user/.netsurf/
-rw-r--r-- 1 user users 812 Feb 9 23:32 /home/user/.netsurf/Cookies

This allows local users to steal cookies.

--
Jakub Wilk
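
The listing in the report shows the Cookies file at mode 0644. As an added example (not part of the original report and not NetSurf's code), the C sketch below contrasts a plain fopen() save, which yields that mode under a 022 umask, with a save that creates the jar as 0600 and tightens an already existing file. The function names jar_exposed, save_jar_default and save_jar_private are hypothetical, and it addresses only the file, not the directory mode.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if group/others have any access, 0 if not, -1 on error. */
int jar_exposed(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

/* Weak form: fopen() creates the file with 0666 & ~umask (0644 for umask 022). */
int save_jar_default(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    int rc = (fputs(data, f) == EOF) ? -1 : 0;
    if (fclose(f) != 0)
        rc = -1;
    return rc;
}

/* Hardened form: owner-only at creation, and an existing jar is tightened first. */
int save_jar_private(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    /* The open() mode is ignored for an existing file, so fix it before writing. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    size_t len = strlen(data);
    ssize_t n = write(fd, data, len);
    if (close(fd) != 0 || n != (ssize_t)len)
        return -1;
    return 0;
}
```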