CVE-2009-3478
Last modified
CVE-2009-3478 is a vulnerability of currently unknown severity. Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe. EPSS estimates a 1.25% chance of exploitation in the next 30 days.
Description
Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nightlight | Fireftp | 1.0.5 |
References
- http://secunia.com/advisories/36860 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
