CVE-2007-1562

Mozilla Firefox < 1.5.0.11 - Information Disclosure

Title source: rule

Description

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Exploits (1)

exploitdb WRITEUP VERIFIED

by mark · textremotelinux

https://www.exploit-db.com/exploits/29768

View Code ZIP pw:eip

References (21)

Core 21

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-443-1

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/470172/100/200/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/33119

Broken Link vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1017800

Broken Link vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0400.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/463501/100/0/threaded

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1034

Broken Link x_refsource_misc

http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23082

Broken Link x_refsource_confirm

https://issues.rpath.com/browse/RPL-1424

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25858

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25476

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431

Issue Tracking, Vendor Advisory x_refsource_misc

https://bugzilla.mozilla.org/show_bug.cgi?id=370559

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25490

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0402.html

Broken Link x_refsource_confirm

https://issues.rpath.com/browse/RPL-1157

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/12/09/1

Scores

EPSS 0.3034

EPSS Percentile 96.7%

Details

CWE

CWE-200

Status published

Products (4)

canonical/ubuntu_linux 5.10

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 6.10

mozilla/firefox 1.5 - 1.5.0.11

Published Mar 21, 2007

Tracked Since Feb 18, 2026