9.3

CVE-2010-1028

EPSS 10.41%
Veröffentlicht 19.03.2010 21:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.6

Microsoft ≫ Windows Vista
Microsoft ≫ Windows Xp Updatesp3

Mozilla ≫ Firefox Version3.6 Updatea1_pre

Microsoft ≫ Windows Vista
Microsoft ≫ Windows Xp Updatesp3

Mozilla ≫ Firefox Version3.6.1

Microsoft ≫ Windows Vista
Microsoft ≫ Windows Xp Updatesp3

Mozilla ≫ Firefox Version3.7 Updatea1_pre

Microsoft ≫ Windows Vista
Microsoft ≫ Windows Xp Updatesp3

Mozilla ≫ Firefox Version3.7 Updatealpha1

Microsoft ≫ Windows Vista
Microsoft ≫ Windows Xp Updatesp3

Mozilla ≫ Firefox Version3.7 Updatealpha2

Microsoft ≫ Windows Vista
Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.41%	0.93

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/

http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/

http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/

http://secunia.com/advisories/38608

Vendor Advisory

http://secunia.com/community/forum/thread/show/3592

Vendor Advisory

http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html

http://www.kb.cert.org/vuls/id/964549

US Government Resource

http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=552216

https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969

https://nvd.nist.gov/vuln/detail/CVE-2010-1028

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1028

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1028

EUVD