Vulnerability Note VU#906907
FireFTP filename directory traversal sequence vulnerability
Overview
The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations.
Description
FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges, which allow them to read and write local files and make network connections. The FTP MLST command is defined in RFC 3659: MLST provides data about exactly the object named on its command line, and no others. MLSD, on the other hand, lists the contents of a directory if a directory is named; otherwise a 501 reply is returned.
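The following added example (not FireFTP's code, and not part of the original note) shows a client-side check of the kind this class of flaw calls for: it parses an RFC 3659 listing entry and refuses any server-supplied name that is more than a single path component before building a local path. It assumes the file names reach the client in MLSD/MLST entries and that the client only ever wants a leaf name; all function names and sample lines are hypothetical.

```javascript
// Added example: parseMlsxEntry, safeLeafName and localTarget are hypothetical names.

// Split one RFC 3659 listing entry, "fact=value;fact=value; pathname".
// Facts never contain a space, so the first space ends the fact list.
function parseMlsxEntry(line) {
  const sp = line.indexOf(" ");
  if (sp < 0) return null;                       // malformed: no pathname part
  const facts = {};
  for (const fact of line.slice(0, sp).split(";")) {
    const eq = fact.indexOf("=");
    if (eq > 0) facts[fact.slice(0, eq).toLowerCase()] = fact.slice(eq + 1);
  }
  return { facts, name: line.slice(sp + 1) };
}

// Policy assumed here: a listing entry must name exactly one path component.
function safeLeafName(name) {
  if (name === "" || name === "." || name === "..") return null;
  if (/[\/\\\u0000]/.test(name)) return null;    // separators (either OS) or NUL
  if (/^[A-Za-z]:/.test(name)) return null;      // Windows drive-relative form
  return name;
}

// Local path for a server-supplied entry, or null if the name is refused.
function localTarget(downloadDir, line) {
  const entry = parseMlsxEntry(line);
  const leaf = entry && safeLeafName(entry.name);
  return leaf ? downloadDir.replace(/\/+$/, "") + "/" + leaf : null;
}

// Constructed sample entries (not captured from a real server).
const SAMPLE = [
  "type=file;size=12; notes.txt",
  "type=file;size=40; my report.txt",
  "type=file;size=12; ../../.profile",
  "type=file;size=12; ..\\..\\x.txt",
  "type=pdir; ..",
];
function checkSamples(dir) {
  return SAMPLE.map((l) => localTarget(dir, l));
}
```

Refusing the entry outright, rather than stripping the traversal sequence and continuing, avoids writing a file under a name the user never saw in the listing.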
Impact
A remote attacker may be able to write files to arbitrary locations on a system running Firefox with a vulnerable version of FireFTP.
Solution
Upgrade
Systems Affected
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
FireFTP | Affected | - | 21 May 2008 |
Mozilla | Unknown | 22 May 2008 | 22 May 2008 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- http://fireftp.mozdev.org/developers.html
- https://addons.mozilla.org/en-US/firefox/addon/684
- http://developer.mozilla.org/en/docs/Chrome
- http://vuln.sg/fireftp0971-en.html
- http://support.mozilla.com/en-US/kb/Options+window#Update_tab
- http://tools.ietf.org/html/rfc3659
- http://www.faqs.org/rfcs/rfc959.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=434826
Credit
Information about this vulnerability was published by vuln.sg.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: Unknown
- Date Public: 20 May 2008
- Date First Published: 21 May 2008
- Date Last Updated: 23 May 2008
- Severity Metric: 1.35
- Document Revision: 48
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.