Mozilla Firefox ParseFTPList Remote Denial of Service Vulnerability

Bugtraq ID:	26159
Class:	Input Validation Error
CVE:	CVE-2007-5691
Remote:	Yes
Local:	No
Published:	Oct 22 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	Priit Laes originally reported this issue to the vendor. Michal Bucko may have also independently discovered this issue.
Vulnerable:	Mozilla Firefox 2.0 .7
Not Vulnerable:	Mozilla Firefox 2.0 .8

Mozilla Firefox ParseFTPList Remote Denial of Service Vulnerability

Mozilla Firefox is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions.

Firefox 2.0.0.7 is vulnerable; other versions may also be affected.

Mozilla Firefox ParseFTPList Remote Denial of Service Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Mozilla Firefox ParseFTPList Remote Denial of Service Vulnerability

Solution:
The vendor released Firefox 2.0.0.8 to address this issue. Please see the references for more information.


Mozilla Firefox 2.0 .7

• Mozilla Firefox 2.0.0.8
  http://www.mozilla.com/en-US/firefox/

Mozilla Firefox ParseFTPList Remote Denial of Service Vulnerability

References:

• Bug 388424 �?? Crash when decoding FTP directory items (Mozilla)
  
• Firefox Release Notes (Mozilla)
  
• Vendor Homepage (Mozilla Foundation)
  
• [ELEYTT] Public Advisory 20-10-2007 ("Michal Bucko" )
  
• Firefox 2.0.0.7 ParseFTPList Remote Denial of Service (Eleytt)