VID 28699
Severity 20
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Windows host has a version of Mozilla Firefox installed that can be manipulated remotely for network abuse. The installed version of Mozilla Firefox is older than 1.5.0.11 / 2.0.0.3. Mozilla is an open-source Web browser developed by the Mozilla project. The FTP client support in Mozilla Firefox versions prior to 1.5.0.11 and versions 2.x prior to 2.0.0.3 could allow a remote attacker with control of an FTP server to cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected host. This might help a remote attacker launch further attacks against the affected system.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* References:
http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
http://bindshell.net/papers/ftppasv

* Platforms Affected:
Mozilla Project, Firefox versions prior to 1.5.0.11
Mozilla Project, Firefox versions 2.x prior to 2.0.0.3
Microsoft Windows Any version
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Firefox (1.5.0.11 or 2.0.0.3 or later), available from the Mozilla Firefox Download Web page at http://www.mozilla.org/products/firefox/
Related URL CVE-2007-1562 (CVE)
Related URL 23082 (SecurityFocus)
Related URL (ISS)