PT-2009-5588 · Mozilla+1 · Firefox+1
Jeremy Brown · Published 2009-09-21 · Updated 2024-12-12
·
CVE-2009-3274
CVSS v2.0: 4.4 (Medium)
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions
Description
The issue allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component.
Recommendations
For Mozilla Firefox versions 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, consider restricting access to the /tmp directory to prevent exploitation.
As a temporary workaround, consider disabling the Download Manager component until a patch is available.
Avoid using the Downloads window to select files from untrusted sources until the issue is resolved.
Fix
Related identifiers
Affected products
Firefox
Red Hat