CVE-2010-1028

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

References

http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/

http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/

http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/

http://secunia.com/advisories/38608

http://secunia.com/community/forum/thread/show/3592

http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html

http://www.kb.cert.org/vuls/id/964549

http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

https://bugzilla.mozilla.org/show_bug.cgi?id=552216

https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969

Details

Source: MITRE

Published: 2010-03-19

Updated: 2017-09-19

Type: CWE-189

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
68055Oracle Linux 5 : firefox (ELSA-2010-0501)NessusOracle Linux Local Security Checks
critical
68054Oracle Linux 4 : firefox (ELSA-2010-0500)NessusOracle Linux Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
48265CentOS 4 : firefox (CESA-2010:0500)NessusCentOS Local Security Checks
critical
47129CentOS 5 : firefox (CESA-2010:0501)NessusCentOS Local Security Checks
critical
47119RHEL 5 : firefox (RHSA-2010:0501)NessusRed Hat Local Security Checks
critical
47118RHEL 4 : firefox (RHSA-2010:0500)NessusRed Hat Local Security Checks
critical
45135FreeBSD : firefox -- WOFF heap corruption due to integer overflow (5d5ed535-3653-11df-9edc-000f20797ede)NessusFreeBSD Local Security Checks
high
801342Mozilla Firefox < 3.6.2 Multiple Vulnerabilities.Log Correlation EngineWeb Clients
high
5485Mozilla Firefox 3.6.x < 3.6.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
45133Firefox 3.6.x < 3.6.2 Multiple VulnerabilitiesNessusWindows
high