Description of Problem:
The startup script does not check the user id when you start a second
mozilla browser on the same machine.
Version-Release number of selected component (if applicable):
Start mozilla as user1 and when it is running start mozilla as user2.
When user2 is root: New window of the users mozilla with all preferences
and the ability to read email etc.
When user2 is not root: Error sending command.
A new mozilla which belongs to user2.
All mozilla 0.9 versions are affected.
We (Red Hat) should try to fix this before next release.
I took a look at this, and it is sort of hard to fix. It requires some changes
to the ns/moz remote invocation protocol.
If i were to do this i would tag each moz/ns window with a uid, and then have
mozilla -remote only look for mozilla windows that matched getuid().
I think doing that at this stage would be bad though, but it should be fixed in
As it stands, this is not a security bug; it requires access to the X display
Yeah, this in non-trivial to fix. It's not going to make the next release for sure.
Fixed in rawhide.