[Bug 638908] [NEW] "Crash Report "data upload now enabled automatically-security risk?

emarkay mrk at emarkay.com
Wed Sep 15 12:28:51 UTC 2010


*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: firefox

Apparently the "Crash Report"  feature is now started and can possibly
upload information without user control.

Regardless if it's a few bits of data or an entire transcript of user's
security keys and logs, enabling the automatic uploading of data,
(especially without at least informing the user of a change in
procedure) is contrary to common sense and the fundamental principals of
online security.

This  needs to be immediately modified to allow user control of what is
uploaded and when.

See:
https://bugs.launchpad.net/ubuntu/lucid/+source/firefox/+bug/623962 for Lucid and 
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/623509 for Maverick

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
"Crash Report "data upload now enabled automatically-security risk?
https://bugs.launchpad.net/bugs/638908
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.




More information about the Ubuntu-mozillateam-bugs mailing list