A vulnerability has been reported in Kerberos V5, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Mozilla / Firefox / Thunderbird Downloaded File Content Disclosure Vulnerability
Exposure of sensitive information
Mozilla Thunderbird 0.x
Mozilla Firefox 0.x
Martin has reported a vulnerability in Mozilla, Firefox, and
Thunderbird, which can be exploited by malicious, local users to gain
knowledge of sensitive information.
The vulnerability is caused due to improper permissions on downloaded
files opened in external applications. This can be exploited to read
other users' files, which are currently opened through the download
dialog box in external applications.
The vulnerability reportedly affects the following Linux builds:
* Mozilla 1.7 through 1.7.3.
* Firefox 0.9 through 1.0PR.
* Thunderbird 0.6 through 0.8.
Fixes are available in the CVS repository.