Unrated severityNVD Advisory· Published Sep 29, 2009· Updated Jun 16, 2026
CVE-2009-3478
CVE-2009-3478
Description
Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
6- www.securityfocus.com/bid/36536nvdPatch
- vuln.sg/fireftp105-en.htmlnvdExploit
- secunia.com/advisories/36860nvdVendor Advisory
- www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diffnvd
- www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diffnvd
- www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diffnvd
News mentions
0No linked articles in our index yet.