PT-2007-2946 · Mozilla+1 · Firefox+1

Published

2007-03-21

Updated

2020-12-09

CVE-2007-1562

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 1.5.0.11 and earlier Mozilla Firefox 2.x versions prior to 2.0.0.3

Description The issue allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. This can be achieved through the FTP protocol implementation.

Recommendations For Mozilla Firefox versions 1.5.0.11 and earlier, update to version 1.5.0.11 or later. For Mozilla Firefox 2.x versions prior to 2.0.0.3, update to version 2.0.0.3 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2007-1562

HPSBUX02153

RHSA-2007:0400

RHSA-2007:0402

RHSA-2007_0400

RHSA-2007_0402

Affected Products

Firefox

Red Hat

PT-2007-2946 · Mozilla+1 · Firefox+1

CVE-2007-1562

Weakness Enumeration

Related Identifiers

Affected Products

References · 166