CVE-2010-1028
Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
Un desbordamiento de enteros en la funcionalidad de descompresión en el decodificador Web Open Fonts Format (WOFF) en Firefox de Mozilla versiones 3.6 anteriores a 3.6.2 y versiones 3.7 anteriores a 3.7 alpha 3, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo WOFF especialmente diseñado que desencadena un desbordamiento de búfer, como es demostrado por el módulo vd_ff en VulnDisco versión 9.0.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the way the browser loads a WOFF-based font. Upon calculating the length of some data read from the file, the application will miscalculate a size used for an allocation, and then copy an incorrect amount of data into that buffer. Due to the difference between the size of the allocation and the size of the copy, a buffer overflow will occur which can lead to code execution under the context of the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-03-19 CVE Reserved
- 2010-03-19 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608 | X_refsource_misc | |
http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608 | X_refsource_confirm | |
http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities | X_refsource_misc | |
http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html | X_refsource_misc | |
http://www.kb.cert.org/vuls/id/964549 | Third Party Advisory | |
https://bugzilla.mozilla.org/show_bug.cgi?id=552216 | X_refsource_confirm | |
https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0 | X_refsource_misc | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/38608 | 2017-09-19 | |
http://secunia.com/community/forum/thread/show/3592 | 2017-09-19 | |
http://www.mozilla.org/security/announce/2010/mfsa2010-08.html | 2017-09-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6 Search vendor "Mozilla" for product "Firefox" and version "3.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6 Search vendor "Mozilla" for product "Firefox" and version "3.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6 Search vendor "Mozilla" for product "Firefox" and version "3.6" | a1_pre |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6 Search vendor "Mozilla" for product "Firefox" and version "3.6" | a1_pre |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6.1 Search vendor "Mozilla" for product "Firefox" and version "3.6.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6.1 Search vendor "Mozilla" for product "Firefox" and version "3.6.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.7 Search vendor "Mozilla" for product "Firefox" and version "3.7" | a1_pre |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.7 Search vendor "Mozilla" for product "Firefox" and version "3.7" | a1_pre |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.7 Search vendor "Mozilla" for product "Firefox" and version "3.7" | alpha1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.7 Search vendor "Mozilla" for product "Firefox" and version "3.7" | alpha1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.7 Search vendor "Mozilla" for product "Firefox" and version "3.7" | alpha2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.7 Search vendor "Mozilla" for product "Firefox" and version "3.7" | alpha2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|