CVE-2007-1562
Published 2007-03-21
Priority P338 · medium · CVSS 2.0 score 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 13.85% (96.1th percentile)
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| mozilla | firefox | >= 1.5 < 1.5.0.11 | 1.5.0.11 |
| mozilla | firefox | >= 2.0 < 2.0.0.3 | 2.0.0.3 |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 MEDIUM
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
vendor_redhat·2007-05-31·CVSS 6.8
CVE-2007-2871 [MEDIUM] Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
vendor_redhat·2007-05-31·CVSS 4.3
CVE-2007-1362 [MEDIUM] Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
vendor_redhat·2007-05-31·CVSS 6.8
CVE-2007-2869 [MEDIUM] Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
vendor_redhat·2007-05-31·CVSS 6.8
CVE-2007-2867 [MEDIUM] Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
Ubuntu
Firefox vulnerability
vendor_ubuntu·2007-03-27
CVE-2007-1562 Firefox vulnerability
Title: Firefox vulnerability
Summary: Firefox vulnerability
A flaw was discovered in how Firefox handled PASV FTP responses. If a
user were tricked into visiting a malicious FTP server, a remote
attacker could perform a port-scan of machines within the user's
network, leading to private information disclosure.
Instructions: After a standard system upgrade you need to restart Firefox or reboot
your computer to effect the necessary changes.
Red Hat
security flaw
vendor_redhat·2007-03-22·CVSS 6.8
CVE-2007-1562 [MEDIUM] security flaw
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
GHSA
GHSA-ccpp-7p46-hqr2: The FTP protocol implementation in Mozilla Firefox before 1
ghsa_unreviewed·2022-05-01
CVE-2007-1562 [MEDIUM] CWE-200 GHSA-ccpp-7p46-hqr2: The FTP protocol implementation in Mozilla Firefox before 1
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
No detection rules found.
HackerOne
lib/net/ftp.rb: trusting PASV responses allow client abuse
hackerone·2021-07-08·CVSS 6.8
[MEDIUM] lib/net/ftp.rb: trusting PASV responses allow client abuse
When `net/ftp` performs a passive FTP transfer, it tries to use PASV. Passive mode is what `net/ftp` uses by default.
A server response to a PASV command includes the (IPv4) address and port number for the client to connect back to in order to perform the actual data transfer.
This is how the FTP protocol is designed to work.[^1]
A malicious server can use the PASV response to trick `net/ftp` into connecting back to a given IP address and port, and this way potentially make it extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
If `net/ftp` operates on a URL provided by a user (which by all means is an unwise setup), a user can exploit
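The client-side check that closes this class of bug, as an added example that is not code from Firefox, `net/ftp` or the report above: parse the 227 reply, keep only the port, and open the data connection to the control connection's peer instead of the address the server advertises. The function names, the `trust_pasv_ip` switch and the sample replies are assumptions constructed for illustration.

```ruby
require 'ipaddr'

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = /\A227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})/

# Returns [advertised_host, port] from a 227 reply, or raises ArgumentError.
def parse_pasv(reply)
  m = PASV_RE.match(reply) or raise ArgumentError, "not a 227 PASV reply: #{reply.inspect}"
  octets = m.captures.map(&:to_i)
  raise ArgumentError, "octet out of range in #{reply.inspect}" if octets.any? { |o| o > 255 }
  [octets[0, 4].join('.'), (octets[4] << 8) | octets[5]]
end

# Decide where the data connection goes.
# control_peer is the remote IP taken from the control socket itself,
# never from text the server sent. trust_pasv_ip (hypothetical switch)
# reproduces the trusting behaviour the advisories describe.
def data_endpoint(reply, control_peer, trust_pasv_ip: false)
  advertised, port = parse_pasv(reply)
  mismatch = IPAddr.new(advertised) != IPAddr.new(control_peer)
  {
    host: trust_pasv_ip ? advertised : control_peer,
    port: port,
    advertised: advertised,
    mismatch: mismatch # worth logging: the server pointed us somewhere else
  }
end

if __FILE__ == $0
  peer = '192.0.2.10' # constructed sample: documentation-range server address
  [
    '227 Entering Passive Mode (192,0,2,10,195,80)', # honest reply
    '227 Entering Passive Mode (10,0,0,5,0,22)'      # reply naming another host
  ].each do |reply|
    safe = data_endpoint(reply, peer)
    note = safe[:mismatch] ? "MISMATCH, advertised #{safe[:advertised]}" : 'ok'
    puts "#{reply} -> connect #{safe[:host]}:#{safe[:port]} (#{note})"
  end
end
```

With the advertised address ignored, a reply naming another host can no longer steer the client; the mismatch flag gives operators a log signal for servers that attempt it.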
Bugzilla
CVE-2007-1562 security flaw
bugzilla·2018-08-16·CVSS 6.8
CVE-2007-1562 [MEDIUM] CVE-2007-1562 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Bugzilla
CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-31·CVSS 4.3
CVE-2007-1362 [MEDIUM] CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
+++ This bug was initially created as a clone of Bug #241670 +++
Firefox 1.5.0.12 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Bugzilla
CVE-2007-1362 Multiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-31·CVSS 4.3
CVE-2007-1362 [MEDIUM] CVE-2007-1362 Multiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
+++ This bug was initially created as a clone of Bug #241672 +++
Seamonkey 1.0.9 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-1558 MFSA 2007-15
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
Fedora Core 5 is no longer supported, could you please reproduce this with the
updated version of the currently support
Bugzilla
CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-29·CVSS 4.3
CVE-2007-1362 [MEDIUM] CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
Firefox 1.5.0.12 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where t
Bugzilla
CVE-2007-1362 Multiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-29·CVSS 4.3
CVE-2007-1362 [MEDIUM] CVE-2007-1362 Multiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
Seamonkey 1.0.9 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-1558 MFSA 2007-15
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
These flaws also affect Seamonkey as shipped in RHEL 2.1 and 3
---
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This r
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/25476
http://secunia.com/advisories/25490
http://secunia.com/advisories/25858
http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.openwall.com/lists/oss-security/2020/12/09/1
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securityfocus.com/archive/1/463501/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/bid/23082
http://www.securitytracker.com/id?1017800
http://www.ubuntu.com/usn/usn-443-1
http://www.vupen.com/english/advisories/2007/1034
https://bugzilla.mozilla.org/show_bug.cgi?id=370559
https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
https://issues.rpath.com/browse/RPL-1157
https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431