Directory traversal vulnerability in the FireFTP add-on...
High severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Apr 9, 2025
Description
Published by the National Vulnerability Database
May 22, 2008
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Apr 9, 2025
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References