PT-2010-2749 · Mozilla · Firefox
Published: 2010-03-19 · Updated: 2024-12-12 · CVE-2010-1028
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 3.6 through 3.6.1
Mozilla Firefox versions 3.7 alpha 1 through 3.7 alpha 2
Description
An integer overflow in the decompression functionality of the Web Open Font Format (WOFF) decoder allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow.
Recommendations
For Mozilla Firefox versions 3.6 through 3.6.1, update to version 3.6.2 or later.
For Mozilla Firefox versions 3.7 alpha 1 through 3.7 alpha 2, update to version 3.7 alpha 3 or later.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Firefox