CVE-2010-1028 Information

Feb 14, 2021 cve

Description

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow as demonstrated by the vd_ff module in VulnDisco 9.0.

Reference

http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/ http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/ http://secunia.com/advisories/38608 http://secunia.com/community/forum/thread/show/3592 http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html http://www.kb.cert.org/vuls/id/964549 http://www.mozilla.org/security/announce/2010/mfsa2010-08.html https://bugzilla.mozilla.org/show_bug.cgi?id=552216 https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/ https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7969

Share on: