PT-2010-2749 · Mozilla · Firefox

Published 2010-03-19 · Updated 2024-12-12 · CVE-2010-1028

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions 3.6 through 3.6.1
Mozilla Firefox versions 3.7 alpha 1 through 3.7 alpha 2

Description

An integer overflow in the decompression functionality of the Web Open Font Format (WOFF) decoder allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow.

Recommendations

For Mozilla Firefox versions 3.6 through 3.6.1, update to version 3.6.2 or later.
For Mozilla Firefox versions 3.7 alpha 1 through 3.7 alpha 2, update to version 3.7 alpha 3 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2010-1028
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
ZDI-10-064

Affected Products

Firefox