The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

From Red Hat Security Advisory 2007:0402 :

Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall.
(CVE-2007-1562)

Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

A flaw was found in the way SeaMonkey handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.9 that corrects these issues.

From Red Hat Security Advisory 2007:0400 :

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues.

Updated firefox packages that fix several security bugs are now available for Fedora Core 7.

Users of yelp are advised to upgrade to these erratum packages which contain a version of yelp built against a firefox version not vulnerable to these flaws.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated firefox packages that fix several security bugs are now available for Fedora Core 7.

Users of epiphany are advised to upgrade to these erratum packages which have been rebuilt against a patched firefox which is not vulnerable to these issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated firefox packages that fix several security bugs are now available for Fedora Core 7.

Users of devhelp are advised to upgrade to these erratum packages, which contain an update to devhelp built against the updated Firefox packages.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall.
(CVE-2007-1562)

Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

A flaw was found in the way SeaMonkey handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)

Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall.
(CVE-2007-1562)

Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

A flaw was found in the way SeaMonkey handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.9 that corrects these issues.

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues.

This update brings Mozilla Firefox to security update version 2.0.0.4

  - Chris Thomas demonstrated that XUL popups opened by web     content could be placed outside the boundaries of the     content area. This could be used to spoof or hide parts     of the browser chrome such as the location bar. (MFSA     2007-17 / CVE-2007-2871)

  - Mozilla contributor moz_bug_r_a4 demonstrated that the     addEventListener method could be used to inject script     into another site in violation of the browser's     same-origin policy. This could be used to access or     modify private or valuable information from that other     site. (MFSA 2007-16 / CVE-2007-2870)

  - Nicolas Derouet reported two problems with cookie     handling in Mozilla clients. Insufficient length checks     could be use to exhaust browser memory and so to crash     the browser or at least slow it done by a large degree.
    (MFSA 2007-14 / CVE-2007-1362)

    The second issue was that the cookie path and name     values were not checked for the presence of the     delimiter used for internal cookie storage, and if     present this confused future interpretation of the     cookie data. This is not considered to be exploitable.

  - Marcel reported that a malicious web page could perform     a denial of service attack against the form autocomplete     feature that would persist from session to session until     the malicious form data was deleted. Filling a text     field with millions of characters and submitting the     form will cause the victim's browser to hang for up to     several minutes while the form data is read, and this     will happen the first time autocomplete is triggered     after every browser restart. (MFSA 2007-13 /     CVE-2007-2869)

    No harm is done to the user's computer, but the     frustration caused by the hang could prevent use of     Firefox if users don't know how to clear the bad state.

  - As part of the Firefox 2.0.0.4 and 1.5.0.12 update     releases Mozilla developers fixed many bugs to improve     the stability of the product. Some of these crashes that     showed evidence of memory corruption under certain     circumstances and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. (MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868)

    Without further investigation we cannot rule out the     possibility that for some of these an attacker might be     able to prepare memory for exploitation through some     means other than JavaScript, such as large images.

  - Incorrect FTP PASV handling could be used by malicious     ftp servers to do a rudimentary port scanning of for     instance internal networks of the computer the browser     is running on. (MFSA 2007-11 / CVE-2007-1562)

A flaw was discovered in how Firefox handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated firefox packages that fix several security bugs are now available for Fedora Core 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 2.0.0.4 that corrects these issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update brings Mozilla SeaMonkey to security update version 1.1.2

  - MFSA 2007-17 / CVE-2007-2871 :

    Chris Thomas demonstrated that XUL popups opened by web     content could be placed outside the boundaries of the     content area. This could be used to spoof or hide parts     of the browser chrome such as the location bar.

  - MFSA 2007-16 / CVE-2007-2870 :

    Mozilla contributor moz_bug_r_a4 demonstrated that the     addEventListener method could be used to inject script     into another site in violation of the browser's     same-origin policy. This could be used to access or     modify private or valuable information from that other     site.

  - MFSA 2007-15 / CVE-2007-1558 :

    Ga&euml;tan Leurent informed us of a weakness in APOP     authentication that could allow an attacker to recover     the first part of your mail password if the attacker     could interpose a malicious mail server on your network     masquerading as your legitimate mail server. With normal     settings it could take several hours for the attacker to     gather enough data to recover just a few characters of     the password. This result was presented at the Fast     Software Encryption 2007 conference. 

  - MFSA 2007-14 / CVE-2007-1362 :

    Nicolas Derouet reported two problems with cookie     handling in Mozilla clients. Insufficient length checks     could be use to exhaust browser memory and so to crash     the browser or at least slow it done by a large degree.

    The second issue was that the cookie path and name     values were not checked for the presence of the     delimiter used for internal cookie storage, and if     present this confused future interpretation of the     cookie data. This is not considered to be exploitable.

  - MFSA 2007-13 / CVE-2007-2869 :

    Marcel reported that a malicious web page could perform     a denial of service attack against the form autocomplete     feature that would persist from session to session until     the malicious form data was deleted. Filling a text     field with millions of characters and submitting the     form will cause the victim's browser to hang for up to     several minutes while the form data is read, and this     will happen the first time autocomplete is triggered     after every browser restart. 

    No harm is done to the user's computer, but the     frustration caused by the hang could prevent use of     Thunderbird if users don't know how to clear the bad     state.

  - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868

    As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update     releases Mozilla developers fixed many bugs to improve     the stability of the product. Some of these crashes that     showed evidence of memory corruption under certain     circumstances and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. 

    Without further investigation we cannot rule out the     possibility that for some of these an attacker might be     able to prepare memory for exploitation through some     means other than JavaScript, such as large images.

  - MFSA 2007-11 / CVE-2007-1562 :

    Incorrect FTP PASV handling could be used by malicious     ftp servers to do a rudimentary port scanning of for     instance internal networks of the computer the browser     is running on.

This update brings Mozilla SeaMonkey to security update version 1.1.2

  - MFSA 2007-17 / CVE-2007-2871 :

    Chris Thomas demonstrated that XUL popups opened by web     content could be placed outside the boundaries of the     content area. This could be used to spoof or hide parts     of the browser chrome such as the location bar.

  - MFSA 2007-16 / CVE-2007-2870 :

    Mozilla contributor moz_bug_r_a4 demonstrated that the     addEventListener method could be used to inject script     into another site in violation of the browser's     same-origin policy. This could be used to access or     modify private or valuable information from that other     site.

  - MFSA 2007-15 / CVE-2007-1558 :

    Ga&iuml;&iquest;&frac12;tan Leurent informed us of a     weakness in APOP authentication that could allow an     attacker to recover the first part of your mail password     if the attacker could interpose a malicious mail server     on your network masquerading as your legitimate mail     server. With normal settings it could take several hours     for the attacker to gather enough data to recover just a     few characters of the password. This result was     presented at the Fast Software Encryption 2007     conference. 

  - MFSA 2007-14 / CVE-2007-1362 :

    Nicolas Derouet reported two problems with cookie     handling in Mozilla clients. Insufficient length checks     could be use to exhaust browser memory and so to crash     the browser or at least slow it done by a large degree.

    The second issue was that the cookie path and name     values were not checked for the presence of the     delimiter used for internal cookie storage, and if     present this confused future interpretation of the     cookie data. This is not considered to be exploitable.

  - MFSA 2007-13 / CVE-2007-2869 :

    Marcel reported that a malicious web page could perform     a denial of service attack against the form autocomplete     feature that would persist from session to session until     the malicious form data was deleted. Filling a text     field with millions of characters and submitting the     form will cause the victim's browser to hang for up to     several minutes while the form data is read, and this     will happen the first time autocomplete is triggered     after every browser restart. 

    No harm is done to the user's computer, but the     frustration caused by the hang could prevent use of     Thunderbird if users don't know how to clear the bad     state.

  - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868

    As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update     releases Mozilla developers fixed many bugs to improve     the stability of the product. Some of these crashes that     showed evidence of memory corruption under certain     circumstances and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. 

    Without further investigation we cannot rule out the     possibility that for some of these an attacker might be     able to prepare memory for exploitation through some     means other than JavaScript, such as large images.

  - MFSA 2007-11 / CVE-2007-1562 :

    Incorrect FTP PASV handling could be used by malicious     ftp servers to do a rudimentary port scanning of for     instance internal networks of the computer the browser     is running on.

This update brings Mozilla Thunderbird to security update version 1.5.0.12.

  - MFSA 2007-17 / CVE-2007-2871 :

    Chris Thomas demonstrated that XUL popups opened by web     content could be placed outside the boundaries of the     content area. This could be used to spoof or hide parts     of the browser chrome such as the location bar.

  - MFSA 2007-16 / CVE-2007-2870 :

    Mozilla contributor moz_bug_r_a4 demonstrated that the     addEventListener method could be used to inject script     into another site in violation of the browser's     same-origin policy. This could be used to access or     modify private or valuable information from that other     site.

  - MFSA 2007-15 / CVE-2007-1558 :

    Ga&euml;tan Leurent informed us of a weakness in APOP     authentication that could allow an attacker to recover     the first part of your mail password if the attacker     could interpose a malicious mail server on your network     masquerading as your legitimate mail server. With normal     settings it could take several hours for the attacker to     gather enough data to recover just a few characters of     the password. This result was presented at the Fast     Software Encryption 2007 conference. 

  - MFSA 2007-14 / CVE-2007-1362 :

    Nicolas Derouet reported two problems with cookie     handling in Mozilla clients. Insufficient length checks     could be use to exhaust browser memory and so to crash     the browser or at least slow it done by a large degree.

    The second issue was that the cookie path and name     values were not checked for the presence of the     delimiter used for internal cookie storage, and if     present this confused future interpretation of the     cookie data. This is not considered to be exploitable.

  - MFSA 2007-13 / CVE-2007-2869 :

    Marcel reported that a malicious web page could perform     a denial of service attack against the form autocomplete     feature that would persist from session to session until     the malicious form data was deleted. Filling a text     field with millions of characters and submitting the     form will cause the victim's browser to hang for up to     several minutes while the form data is read, and this     will happen the first time autocomplete is triggered     after every browser restart. 

    No harm is done to the user's computer, but the     frustration caused by the hang could prevent use of     Thunderbird if users don't know how to clear the bad     state.

  - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868

    As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update     releases Mozilla developers fixed many bugs to improve     the stability of the product. Some of these crashes that     showed evidence of memory corruption under certain     circumstances and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. 

    Without further investigation we cannot rule out the     possibility that for some of these an attacker might be     able to prepare memory for exploitation through some     means other than JavaScript, such as large images.

  - MFSA 2007-11 / CVE-2007-1562 :

    Incorrect FTP PASV handling could be used by malicious     ftp servers to do a rudimentary port scanning of for     instance internal networks of the computer the browser     is running on.

This update brings Mozilla Firefox to security update version 2.0.0.4

This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0 and 10.1.

  - MFSA 2007-17 / CVE-2007-2871 :

    Chris Thomas demonstrated that XUL popups opened by web     content could be placed outside the boundaries of the     content area. This could be used to spoof or hide parts     of the browser chrome UI such as the location bar.

  - MFSA 2007-16 / CVE-2007-2870 :

    Mozilla contributor moz_bug_r_a4 demonstrated that the     addEventListener method could be used to inject script     into another site in violation of the browser's     same-origin policy. This could be used to access or     modify private or valuable information from that other     site.

  - MFSA 2007-14 / CVE-2007-1362 :

    Nicolas Derouet reported two problems with cookie     handling in Mozilla clients. Insufficient length checks     could be use to exhaust browser memory and so to crash     the browser or at least slow it done by a large degree.

    The second issue was that the cookie path and name     values were not checked for the presence of the     delimiter used for internal cookie storage, and if     present this confused future interpretation of the     cookie data. This is not considered to be exploitable.

  - MFSA 2007-13 / CVE-2007-2869 :

    Marcel reported that a malicious web page could perform     a denial of service attack against the form autocomplete     feature that would persist from session to session until     the malicious form data was deleted. Filling a text     field with millions of characters and submitting the     form will cause the victim's browser to hang for up to     several minutes while the form data is read, and this     will happen the first time autocomplete is triggered     after every browser restart. 

    No harm is done to the user's computer, but the     frustration caused by the hang could prevent use of     Firefox if users don't know how to clear the bad state.

  - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868

    As part of the Firefox 2.0.0.4 and 1.5.0.12 update     releases Mozilla developers fixed many bugs to improve     the stability of the product. Some of these crashes that     showed evidence of memory corruption under certain     circumstances and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. 

    Without further investigation we cannot rule out the     possibility that for some of these an attacker might be     able to prepare memory for exploitation through some     means other than JavaScript, such as large images.

  - MFSA 2007-11 / CVE-2007-1562 :

    Incorrect FTP PASV handling could be used by malicious     ftp servers to do a rudimentary port scanning of for     instance internal networks of the computer the browser     is running on.

This update brings Mozilla Firefox to security update version 2.0.0.4

This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0.

  - MFSA 2007-17 / CVE-2007-2871 :

    Chris Thomas demonstrated that XUL popups opened by web     content could be placed outside the boundaries of the     content area. This could be used to spoof or hide parts     of the browser chrome such as the location bar.

  - MFSA 2007-16 / CVE-2007-2870 :

    Mozilla contributor moz_bug_r_a4 demonstrated that the     addEventListener method could be used to inject script     into another site in violation of the browser's     same-origin policy. This could be used to access or     modify private or valuable information from that other     site.

  - MFSA 2007-14 / CVE-2007-1362 :

    Nicolas Derouet reported two problems with cookie     handling in Mozilla clients. Insufficient length checks     could be use to exhaust browser memory and so to crash     the browser or at least slow it done by a large degree.

    The second issue was that the cookie path and name     values were not checked for the presence of the     delimiter used for internal cookie storage, and if     present this confused future interpretation of the     cookie data. This is not considered to be exploitable.

  - MFSA 2007-13 / CVE-2007-2869 :

    Marcel reported that a malicious web page could perform     a denial of service attack against the form autocomplete     feature that would persist from session to session until     the malicious form data was deleted. Filling a text     field with millions of characters and submitting the     form will cause the victim's browser to hang for up to     several minutes while the form data is read, and this     will happen the first time autocomplete is triggered     after every browser restart. 

    No harm is done to the user's computer, but the     frustration caused by the hang could prevent use of     Firefox if users don't know how to clear the bad state.

  - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868

    As part of the Firefox 2.0.0.4 and 1.5.0.12 update     releases Mozilla developers fixed many bugs to improve     the stability of the product. Some of these crashes that     showed evidence of memory corruption under certain     circumstances and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. 

    Without further investigation we cannot rule out the     possibility that for some of these an attacker might be     able to prepare memory for exploitation through some     means other than JavaScript, such as large images.

  - MFSA 2007-11 / CVE-2007-1562 :

    Incorrect FTP PASV handling could be used by malicious     ftp servers to do a rudimentary port scanning of for     instance internal networks of the computer the browser     is running on.

The FTP client support in the installed version of Firefox has a flaw that could allow a remote attacker with control of an FTP server to perform a rudimentary port scan of, for example, the user's internal network.

The FTP client support in Mozilla Firefox 1.5.x prior to 1.5.0.11, or 2.x prior to 2.0.0.3 is affected by a flaw that could allow a remote attacker with control of an FTP server to perform a rudimentary port scan of the user's internal network. 

The FTP client support in the installed version of Firefox has a flaw that could allow a remote attacker with control of an FTP server to perform a rudimentary port scan of the user's internal network.

ID	Name	Product	Family	Severity
67511	Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0402)	Nessus	Oracle Linux Local Security Checks	high
67509	Oracle Linux 4 / 5 : firefox (ELSA-2007-0400)	Nessus	Oracle Linux Local Security Checks	high
62270	Fedora 7 : yelp-2.18.1-4.fc7 (2007-0009)	Nessus	Fedora Local Security Checks	high
62269	Fedora 7 : epiphany-2.18.1-3.fc7 (2007-0008)	Nessus	Fedora Local Security Checks	high
62268	Fedora 7 : devhelp-0.13-8.fc7 (2007-0006)	Nessus	Fedora Local Security Checks	high
60194	Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60192	Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
37778	CentOS 3 / 4 : seamonkey (CESA-2007:0402)	Nessus	CentOS Local Security Checks	high
36608	CentOS 4 / 5 : devhelp / firefox / yelp (CESA-2007:0400)	Nessus	CentOS Local Security Checks	high
29360	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3756)	Nessus	SuSE Local Security Checks	high
28040	Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerability (USN-443-1)	Nessus	Ubuntu Local Security Checks	medium
27648	Fedora 7 : firefox-2.0.0.4-1.fc7 (2007-0001)	Nessus	Fedora Local Security Checks	high
27442	openSUSE 10 Security Update : seamonkey (seamonkey-3632)	Nessus	SuSE Local Security Checks	high
27441	openSUSE 10 Security Update : seamonkey (seamonkey-3631)	Nessus	SuSE Local Security Checks	high
27131	openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3546)	Nessus	SuSE Local Security Checks	high
27130	openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3545)	Nessus	SuSE Local Security Checks	high
27121	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3547)	Nessus	SuSE Local Security Checks	high
27120	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541)	Nessus	SuSE Local Security Checks	high
25367	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0402)	Nessus	Red Hat Local Security Checks	high
25365	RHEL 4 / 5 : firefox (RHSA-2007:0400)	Nessus	Red Hat Local Security Checks	high
24875	Firefox < 1.5.0.11 / 2.0.0.3 Multiple Vulnerabilities	Nessus	Windows	medium
3951	Mozilla Firefox < 1.5.0.11 / 2.0.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	low
800765	Firefox < 1.5.0.11 / 2.0.0.3 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	medium

Detections

Analytics

CVE-2007-1562

critical

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

medium

high

high

high

high

high

high

high

high

high

medium

low

medium