
FireFTP Extension for Firefox Remote Directory Traversal Vulnerability

 

Release Date: 20/05/2008
Severity: Moderately Critical
SecWatch Advisory: SWID1021239
Cause: Not specified
Solution Status: Vendor Workaround
Impact: Modification of user information
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: FireFTP 0.x (extension for Firefox)
 
Original Advisory: http://vuln.sg/fireftp0971-en.html
Secunia: SA30284
Bugtraq ID: BID#29289

 

Description:

A vulnerability in the FireFTP extension for Firefox has been reported, which can be exploited by remote users to compromise a user's system.

An input validation error exists when processing responses to "MLSD" and "LIST" commands from an FTP server, which can be exploited to write files to arbitrary locations via directory traversal sequences.
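
One way a client can guard against the problem described above, as an added example (not FireFTP's code and not the vendor's fix): treat every name in an MLSD response as a single path component and skip anything else. The function names and the sample listing lines are assumptions constructed for illustration; LIST output needs its own parser but the same name check applies.

```javascript
// Added example (not FireFTP code). Names from an FTP listing are untrusted
// input: accept a name only if it is a single path component.

// Parse one MLSD line (RFC 3659): "fact=value;fact=value; pathname".
function parseMlsdLine(line) {
  const text = line.replace(/\r?\n$/, "");
  const sep = text.indexOf(" ");          // facts never contain a space
  if (sep < 0) return null;
  const facts = {};
  for (const fact of text.slice(0, sep).split(";")) {
    const eq = fact.indexOf("=");
    if (eq > 0) facts[fact.slice(0, eq).toLowerCase()] = fact.slice(eq + 1);
  }
  return { facts, name: text.slice(sep + 1) };
}

function isSafeEntryName(name) {
  if (typeof name !== "string" || name.length === 0) return false;
  if (name === "." || name === "..") return false;  // also skips cdir/pdir rows
  if (/[\/\\\x00]/.test(name)) return false;        // POSIX/Windows separators, NUL
  if (/^[A-Za-z]:/.test(name)) return false;        // Windows drive prefix
  return true;
}

// Local path for a listed entry, or null when the entry must be skipped.
function localPathFor(downloadDir, mlsdLine) {
  const entry = parseMlsdLine(mlsdLine);
  if (!entry || !isSafeEntryName(entry.name)) return null;
  return downloadDir.replace(/[\/\\]+$/, "") + "/" + entry.name;
}

// Constructed sample listing: one ordinary entry and two that must be rejected.
const SAMPLE_LISTING = [
  "type=file;size=1024;modify=20080518120000; report.txt",
  "type=file;size=64; ../../outside.txt",
  "type=file;size=64; ..\\..\\outside.txt",
];

function planDownloads(downloadDir, listing) {
  return listing.map((line) => localPathFor(downloadDir, line));
}
```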

 

Affected:

FireFTP extension for Firefox version 0.97.1. Other versions may also be affected.

 

Solution:

The vulnerability has been fixed in version 0.98.20080518.

 

Credits:

Tan Chew Keong

 
