9.3

CVE-2010-1028

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version3.6
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.6 Updatea1_pre
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.6.1
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.7 Updatea1_pre
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.7 Updatealpha1
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
MozillaFirefox Version3.7 Updatealpha2
   MicrosoftWindows Vista
   MicrosoftWindows Xp Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 10.41% 0.93
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C