Closed Bug 434826 Opened 17 years ago Closed 17 years ago

Remote directory traversal in FireFTP 0.97.1

Categories

(addons.mozilla.org Graveyard :: Administration, defect)

defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: fligtar, Unassigned)


Details

See advisory below. The vulnerable version mentioned (0.97.1) is the most recent on AMO; the version with the fix (0.98.20080518) is not yet uploaded. We should contact the author.

-------------------
TITLE:
FireFTP Extension for Firefox Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA30284

VERIFY ADVISORY:
http://secunia.com/advisories/30284/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
FireFTP 0.x (extension for Firefox)
http://secunia.com/product/18707/

DESCRIPTION:
Tan Chew Keong has reported a vulnerability in the FireFTP extension for Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an input validation error when processing responses to the "MLSD" and "LIST" commands from an FTP server. This can be exploited to write files to arbitrary locations on a user's system when a user is enticed e.g. to download a directory containing files with directory traversal sequences in the filename from a malicious FTP server.

The vulnerability is reported in version 0.97.1. Other versions may also be affected.

SOLUTION:
Fixed in development version 0.98.20080518.

PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong

ORIGINAL ADVISORY:
http://vuln.sg/fireftp0971-en.html
(In reply to comment #0)
> We should contact the author.

Nevermind, guess that's a no.
I've reached out to the author. Awaiting their reply.
Author is being cc'ed.
0.97.2 has been released to resolve the issue on the Firefox 2 branch. 0.98.20080520 (which will become 0.99 shortly) resolves the issue on Firefox 3 branch.
This made the top 10 most read advisories on Secunia, so we should try and get information out, and the fix pushed out to users, as soon as possible.

This Week's Top Ten Most Read Advisories:
1. [SA30220] Debian OpenSSL Predictable Random Number Generator and Update
2. [SA30241] Linux Kernel Multiple Vulnerabilities
3. [SA29941] Foxit Reader "util.printf()" Buffer Overflow
4. [SA30261] Symantec Altiris Deployment Solution Multiple Vulnerabilities
5. [SA30140] Oracle Application Server Portal Authentication Bypass
6. [SA30143] Microsoft Word Two Code Execution Vulnerabilities
7. [SA30196] Model Search "cat" SQL Injection Vulnerability
8. [SA30273] 68 Classifieds "cat" SQL Injection Vulnerability
9. [SA30201] Kostenloses Linkmanagementscript Multiple Vulnerabilities
10. [SA30254] Pet Grooming Management System "useradded.php" Security Bypass
Group: update-security
Which one of those 10 advisories is related to FireFTP? I'm not seeing 30284 in the list, and none of the summaries sound like it either.
Oops, scratch that. It didn't make the top 10 list. I confused it with the Foxit Reader vuln.
Since 0.97.2 is now live on the site this bug can be marked fixed, right?
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
I think it's version 0.98.20080518 that is needed (per Secunia), but Mime can correct us here.
(In reply to comment #10)
> I think it's version 0.98.20080518 that is needed (per Secunia), but Mime can
> correct us here.

See comment #5
Component: Add-ons → Administration
QA Contact: add-ons → administration
Product: addons.mozilla.org → addons.mozilla.org Graveyard