Description of Problem: The startup script does not check the user id when you start a second mozilla browser on the same machine. Version-Release number of selected component (if applicable): 0.9.3-x How Reproducible: Start mozilla as user1 and when it is running start mozilla as user2. Actual Results: When user2 is root: New window of the users mozilla with all preferences and the ability to read email etc. When user2 is not root: Error sending command. Expected Results: A new mozilla which belongs to user2. Additional Information:
All mozilla 0.9 versions are affected.
We (Red Hat) should try to fix this before next release.
I took a look at this, and it is sort of hard to fix. It requires some changes to the ns/moz remote invocation protocol. If i were to do this i would tag each moz/ns window with a uid, and then have mozilla -remote only look for mozilla windows that matched getuid(). I think doing that at this stage would be bad though, but it should be fixed in the future.
As it stands, this is not a security bug; it requires access to the X display anyway.
Yeah, this in non-trivial to fix. It's not going to make the next release for sure.
Fixed in rawhide.