The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations.
FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to read/write local files and make network connections.
The FTP MLST command is defined in RFC 3659: MLST provides data about exactly the object named on its command line, and no others. MLSD, on the other, lists the contents of a directory if a directory is named, otherwise a 501 reply is returned.
A remote attacker may be able to write files to arbitrary locations on a system running Firefox with a vulnerable version of FireFTP.
Information about this vulnerability was published by vuln.sg.
This document was written by Ryan Giobbi.
|Date First Published:||2008-05-21|
|Date Last Updated:||2008-05-23 18:47 UTC|