File parts are being automatically downloaded to /tmp
In the tor browser (version 9.0.2), on linux (Mint 19.3), upon clicking on a download link, the browser immediately starts saving a file in the /tmp folder (or whatever folder currently set in the TMPDIR env variable).
For example, if you go to the Tails download page: https://tails.boum.org/install/vm-download/index.en.html
And click on the link to download the iso directly, you will instantaneously see a new file in the /tmp folder. Example of downloaded file: /tmp/mozilla_user123/1Dxw3tAv.iso.part
I don't know about you, but to me that is extremely concerning for people using the tor browser on a regular operating system.
Someone aware of the fact and fairly technical can take preventive measures (such as setting the TMPDIR env variable or mounting /tmp as tmpfs), but the casual user is truly screwed.
Trac:
Username: g4vin0leary