CVE-2007-1562

Firefox < 1.5.0.11 and 2.x < 2.0.0.3 - FTP PASV Response Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1562. PoCs published by mark.

AI-analyzed exploit summary: The provided text describes an information leak vulnerability in Mozilla Firefox (CVE-2007-1562) that allows attackers to probe arbitrary TCP ports and gather sensitive information about running services. The reference links to a binary exploit but does not contain executable code.

Description

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Exploits (1)

exploitdb WRITEUP VERIFIED
by mark · text · remote · linux
https://www.exploit-db.com/exploits/29768

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Mozilla Firefox (versions affected by CVE-2007-1562)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a crafted link
devstral-2 · analyzed Feb 16, 2026

References (21)

Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-443-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017800
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0400.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/463501/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1034
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23082
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1424
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25858
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25476
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=370559
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25490
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0402.html
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1157
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/12/09/1

Scores

EPSS 0.1385
EPSS Percentile 96.0%

Details

CWE CWE-200
Status published
Products (4)
canonical/ubuntu_linux 5.10
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 6.10
mozilla/firefox 1.5 - 1.5.0.11
Published Mar 21, 2007
Tracked Since Feb 18, 2026