Описание
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-1562
- https://bugzilla.mozilla.org/show_bug.cgi?id=370559
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
- https://issues.rpath.com/browse/RPL-1157
- https://issues.rpath.com/browse/RPL-1424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431
- http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/25476
- http://secunia.com/advisories/25490
- http://secunia.com/advisories/25858
- http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.openwall.com/lists/oss-security/2020/12/09/1
- http://www.redhat.com/support/errata/RHSA-2007-0400.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
- http://www.securityfocus.com/archive/1/463501/100/0/threaded
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
- http://www.securityfocus.com/bid/23082
- http://www.securitytracker.com/id?1017800
- http://www.ubuntu.com/usn/usn-443-1
- http://www.vupen.com/english/advisories/2007/1034
Связанные уязвимости
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...
ELSA-2007-0400: Critical: firefox security update (CRITICAL)