Vulnerability Details : CVE-2007-5691
ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer."
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2007-5691
Probability of exploitation activity in the next 30 days: 0.61%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 %
CVSS scores for CVE-2007-5691
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2007-5691
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5691
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37334
- http://www.securityfocus.com/bid/26159 (Patch)
- http://securityreason.com/securityalert/3319 (Firefox ParseFTPList Remote Denial of Service and Zaptel SetHDLC.c Local Buffer Overflow - CXSecurity.com)
- http://www.eleytt.com/advisories/eleytt_FFPARSEFTPLIST.pdf
- http://www.securityfocus.com/archive/1/482597/100/0/threaded
Products affected by CVE-2007-5691
- cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*