QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1028

Published: Mar 19, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=552216

x_refsource_CONFIRM

https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

x_refsource_MISC

http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/

x_refsource_MISC

http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html

x_refsource_MISC

http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:7969

vdb-entry

signature

x_refsource_OVAL

http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT-VN

http://secunia.com/community/forum/thread/show/3592

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.