=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN143
_____________________________________________________________________

DATE                      : 22/03/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Firefox, SeaMonkey.

======================================================================
http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
______________________________________________________________________

Mozilla Foundation Security Advisory 2007-11
Title: FTP PASV port-scanning
Impact: Low
Announced: March 20, 2007
Reporter: mark@bindshell.net
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.3
   Firefox 1.5.0.11
Description
The FTP protocol includes the PASV (passive) command which is used by Firefox to 
request an alternate data port. The specification of the FTP protocol allows the 
server response to include an alternate server address as well, although this is 
rarely used in practice.

mark@bindshell.net reported that a malicious web page hosted on a 
specially-coded FTP server could use this feature to perform a rudimentary 
port-scan of machines inside the firewall of the victim. By itself this causes 
no harm, but information about an internal network may be useful to an attacker 
should there be other vulnerabilities present on the network.

Mozilla clients will now ignore the alternate server address.
References
Manipulating FTP Clients Using The PASV Command [bindshell.net]
RFC 959: File Transfer Protocol
https://bugzilla.mozilla.org/show_bug.cgi?id=370559


======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================