Mozilla Firefox FTP PASV Implementation Permits Port Scanning
|
|
SecurityTracker Alert ID: 1017800 |
|
SecurityTracker URL: http://securitytracker.com/id/1017800
|
|
CVE Reference:
CVE-2007-1562
(Links to External Site)
|
Updated: May 16 2008
|
Original Entry Date: Mar 21 2007
|
Impact:
Host/resource access via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): prior to 1.5.0.11; also 2.0.0.0, 2.0.0.1, 2.0.0.2
|
Description:
A vulnerability was reported in Mozilla Firefox. A remote user can cause Firefox to conduct portscans.
In response to an FTP PASV command from the target user's Firefox client, the remote connected FTP server can return a port number and different IP address, causing the Firefox client to connect to the specified IP address and port number.
A remote user can create a specially crafted web page that, when loaded by the target user, will cause the target user's browser to connect to a malicious FTP server and then scan the ports specified by the malicious FTP server, including scanning systems that are on the target user's internal network and scanning ports on the Firefox banned port list.
SeaMonkey is also affected.
Mark at bindshell.net reported this vulnerability.
The original advisory is available at:
http://bindshell.net/papers/ftppasv
|
Impact:
A remote user can cause Firefox to conduct portscans.
|
Solution:
The vendor has issued fixed versions (1.5.0.11, 2.0.0.3).
The Mozilla advisory is available at:
http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
|
Vendor URL: www.mozilla.org/security/announce/2007/mfsa2007-11.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
