CVE-2009-3478

Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:nightlight:fireftp:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-29 23:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-3478

Mitre link : CVE-2009-3478

CVE.ORG link : CVE-2009-3478


JSON object : View

Products Affected

nightlight

  • fireftp

mozilla

  • firefox
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')