Executive Summary
Summary | |
---|---|
Title | Firefox vulnerability |
Informations | |||
---|---|---|---|
Name | USN-443-1 | First vendor Publication | 2007-03-27 |
Vendor | Ubuntu | Last vendor Modification | 2007-03-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: Ubuntu 6.06 LTS: Ubuntu 6.10: After a standard system upgrade you need to restart Firefox or reboot your computer to effect the necessary changes. Details follow: A flaw was discovered in how Firefox handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure. |
Original Source
Url : http://www.ubuntu.com/usn/USN-443-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11431 | |||
Oval ID: | oval:org.mitre.oval:def:11431 | ||
Title: | The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | ||
Description: | The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1562 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5016317.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerability USN-443-1 File : nvt/gb_ubuntu_USN_443_1.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_devhelp_fc7.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_epiphany_fc7.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_firefox_fc7.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_yelp_fc7.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-549 File : nvt/gb_fedora_2007_549_devhelp_fc6.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-549 File : nvt/gb_fedora_2007_549_epiphany_fc6.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-549 File : nvt/gb_fedora_2007_549_firefox_fc6.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-549 File : nvt/gb_fedora_2007_549_yelp_fc6.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_devhelp_fc5.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-552 File : nvt/gb_fedora_2007_552_epiphany_fc5.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-552 File : nvt/gb_fedora_2007_552_seamonkey_fc5.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_yelp_fc5.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-554 File : nvt/gb_fedora_2007_554_firefox_fc5.nasl |
2009-01-28 | Name : SuSE Update for mozilla,MozillaFirefox,MozillaThunderbird SUSE-SA:2007:036 File : nvt/gb_suse_2007_036.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43498 | Mozilla Firefox FTP Protocol PASV Response Client Manipulation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0006.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0008.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0009.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-3756.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-443-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0001.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3541.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3547.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3545.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3546.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3631.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3632.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-554.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-552.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-549.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2007-03-23 | Name : The remote Windows host contains a web browser that can be manipulated remote... File : mozilla_firefox_15011.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:16 |
|