HIGH · 9.3

CVE-2008-2399

Vulnerability Description

Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CVSS Score

9.3 (HIGH)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor   Product  Versions
Fireftp  Fireftp  <= 0.98
Mozilla  Firefox  All versions

References

FAQ

What is CVE-2008-2399?

CVE-2008-2399 is a directory traversal vulnerability in the FireFTP add-on for Firefox, with a CVSS score of 9.3 (HIGH).

How severe is CVE-2008-2399?

CVE-2008-2399 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2008-2399?

Check the references section above for vendor advisories and patch information. Affected products include: Fireftp Fireftp, Mozilla Firefox.