New Firefox Versions Released to Fix FTP Vulnerability

Mozilla Foundation released Firefox 2.0.0.3 and 1.5.0.11 to fix a vulnerability in the FTP protocol that could allow an intruder to perform a basic port scan of a user's internal network.

ITPro Today

March 21, 2007


Mozilla Foundation released Firefox 2.0.0.3 and 1.5.0.11 to fix a port scanning vulnerability in the FTP protocol. The vulnerability, discovered by a contributor at Bindshell.net, could allow an intruder to perform a basic port scan of a user's internal network.

When an FTP client connects to a server and issues a command to enter passive mode (PASV), the FTP server can respond with an alternative server and port address to connect to. That feature can be combined with JavaScript to conduct port scans by testing whether connections were successful.

According to a paper published on the Bindshell.net Web site, Firefox, Konqueror, and Opera Web browsers are vulnerable to such an exploit. Mozilla Foundation said that the new releases cause Firefox to ignore the alternate server addresses. Microsoft Internet Explorer (IE) 7.0 and 6.0 aren't subject to this particular vulnerability.
