CVE-2009-3478

by Fred · 29/09/2009

Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.

Date published : 2009-09-29

http://www.securityfocus.com/bid/36536

http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74;r2=1.75;f=h

CVE-2009-3478

Similar

Recent Posts

Categories

CVE-2009-3478

Share this:

Similar

Recent Posts

Categories

Tags