CVE-2010-1028

2010-03-19 22:30:00 2017-09-19 03:30:33

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Mozilla Firefox 3.6 A1 pre (not an official CPE) Mozilla Firefox 3.7 Alpha1 (not an official CPE) Mozilla Firefox 3.6 Mozilla Firefox 3.7 Alpha2 (not an official CPE) Mozilla Firefox 3.6.1 (not an official CPE) Mozilla Firefox 3.7 A1 pre (not an official CPE)

Mozilla - Firefox

Advisory	Patch	Confirmed	Link
			https://forum.immunityinc.com/board/thread/1161/vulndisc...
			https://bugzilla.mozilla.org/show_bug.cgi?id=552216
			VU#964549
			http://www.mozilla.org/security/announce/2010/mfsa2010-0...
			http://www.h-online.com/security/news/item/Zero-day-expl...
			http://blog.psi2.de/en/2010/02/20/going-commercial-with-...
			http://blog.mozilla.com/security/2010/03/18/update-on-se...
			http://blog.mozilla.com/security/2010/02/22/secunia-advi...

CVE-2010-1028

2010-03-19 22:30:00 2017-09-19 03:30:33

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)