Executive Summary
Summary | |
---|---|
Title | Mozilla WOFF decoder integer overflow |
Informations | |||
---|---|---|---|
Name | VU#964549 | First vendor Publication | 2010-03-23 |
Vendor | VU-CERT | Last vendor Modification | 2010-07-28 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#964549Mozilla WOFF decoder integer overflowOverviewAn integer overflow in the Mozilla Web Open Fonts Format (WOFF) decoder may allow a remote attacker to execute code on an affected system.I. DescriptionThe Web Open Fonts Format (WOFF) is a simple compressed file format for fonts. Mozilla introduced support for WOFF in the 1.9.2 branch of the base software, which is used by Firefox versions 3.6 and later.An integer overflow error exists in the way the WOFF decoder handles the size of tables specified in the font file. This error could result in a buffer overflow vulnerability on a subsequent memory allocation. A remote attacker who is able to supply a malicious WOFF file could exploit this vulnerability.
Systems AffectedAny Mozilla-derived product that uses the Mozilla 1.9.2 code could be affected.
Referenceshttp://www.theregister.co.uk/2010/02/18/firefox_zero_day_report/ This vulnerability was reported to Mozilla by Evgeny Legerov of Intevydis. This document was written by Chad R Dougherty.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/964549 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7969 | |||
Oval ID: | oval:org.mitre.oval:def:7969 | ||
Title: | Mozilla Firefox WOFF Processing Integer Overflow Vulnerability | ||
Description: | Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1028 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 6 |
ExploitDB Exploits
id | Description |
---|---|
2013-08-19 | Mozilla Firefox 3.6 - Integer Overflow Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-04-29 | Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl |
2010-04-16 | Name : Mandriva Update for firefox MDVSA-2010:070 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070.nasl |
2010-03-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox45.nasl |
2010-03-23 | Name : Mozilla Firefox Unspecified Vulnerability (Windows) File : nvt/secpod_firefox_unspecified_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62416 | Mozilla Firefox Unspecified Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based RuleID : 16502 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox WOFF font processing integer overflow attempt RuleID : 16501 - Revision : 10 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0500.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0501.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO |
2010-06-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO |
2010-06-23 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO |
2010-06-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO |
2010-03-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5d5ed535365311df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote Windows host contains a web browser that is affected by Multiple V... File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-01-19 21:31:05 |
|