CVE-2008-2399

Name of the Vulnerable Software and Affected Versions: FireFTP add-on versions prior to 0.98.20080518

Description: A directory traversal issue allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands. This can be leveraged for code execution by writing to a Startup folder.

Recommendations: For FireFTP add-on versions prior to 0.98.20080518, update to version 0.98.20080518 or later to resolve the issue. As a temporary workaround, consider restricting access to the MLSD and LIST commands until a patch is available. Avoid using the FireFTP add-on with untrusted FTP servers until the issue is resolved.