Jakub Wilk
2012-Feb-10 15:44 UTC
[Secure-testing-team] Bug#659376: netsurf: world-readable cookie jar
Package: netsurf
Version: 1.2-1
Severity: grave
Tags: security
Justification: user security hole
$ ls -ld ~/.netsurf/{,Cookies}
drwxr-xr-x 2 user users 4096 Feb 9 23:32 /home/user/.netsurf/
-rw-r--r-- 1 user users 812 Feb 9 23:32 /home/user/.netsurf/Cookies
This allows local users to steal cookies.
--
Jakub Wilk