9.3

CVE-2010-1028

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version3.6
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.6 Updatea1_pre
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.6.1
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.7 Updatea1_pre
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.7 Updatealpha1
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.7 Updatealpha2
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.82% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/
http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/
http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/
http://secunia.com/advisories/38608
Vendor Advisory
http://secunia.com/community/forum/thread/show/3592
Vendor Advisory
http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html
http://www.kb.cert.org/vuls/id/964549
US Government Resource
http://www.mozilla.org/security/announce/2010/mfsa2010-08.html
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=552216
https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969