CVE-2010-1028 - Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in M

CVE-2010-1028

Summary

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.7:alpha1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.7:alpha1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.7:alpha2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.7:alpha2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 19-09-2017 - 01:30)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-10-06T04:04:35.439-04:00

class

vulnerability

contributors

name J. Daniel Brown
organization DTCC
name Sergey Artykhov
organization ALTX-SOFT
name Sergey Artykhov
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT

definition_extensions

comment	Mozilla Firefox Mainline release is installed
oval	oval:org.mitre.oval:def:22259

description

family

windows

oval:org.mitre.oval:def:7969

status

accepted

submitted

2010-03-23T09:30:00.000-05:00

title

Mozilla Firefox WOFF Processing Integer Overflow Vulnerability

version

refmap via4

cert-vn	VU#964549
confirm	http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ http://www.mozilla.org/security/announce/2010/mfsa2010-08.html https://bugzilla.mozilla.org/show_bug.cgi?id=552216
misc	http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/ http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/ http://secunia.com/community/forum/thread/show/3592 http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/
secunia	38608

Last major update

19-09-2017 - 01:30

Published

19-03-2010 - 21:30

Last modified

19-09-2017 - 01:30