ByteOS Network

CVE Vulnerability Details :

CVE-2010-1028

PUBLISHED

More Info Official Page

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-19 Mar, 2010 | 21:00

Updated At-07 Aug, 2024 | 01:06

▼CVE Numbering Authority (CNA)

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=552216	x_refsource_CONFIRM
https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/	x_refsource_MISC
http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/	x_refsource_MISC
http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html	x_refsource_MISC
http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/	x_refsource_MISC
http://secunia.com/advisories/38608	third-party-advisory x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969	vdb-entry signature x_refsource_OVAL
http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/	x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2010/mfsa2010-08.html	x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/964549	third-party-advisory x_refsource_CERT-VN
http://secunia.com/community/forum/thread/show/3592	x_refsource_MISC

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=552216

Resource:

x_refsource_CONFIRM

Hyperlink: https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

Resource:

x_refsource_MISC

Hyperlink: http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/

Resource:

x_refsource_MISC

Hyperlink: http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html

Resource:

x_refsource_MISC

Hyperlink: http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/

Resource:

x_refsource_MISC

Hyperlink: http://secunia.com/advisories/38608

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.kb.cert.org/vuls/id/964549

Resource:

third-party-advisory

x_refsource_CERT-VN

Hyperlink: http://secunia.com/community/forum/thread/show/3592

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=552216	x_refsource_CONFIRM x_transferred
https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/	x_refsource_MISC x_transferred
http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/	x_refsource_MISC x_transferred
http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html	x_refsource_MISC x_transferred
http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/	x_refsource_MISC x_transferred
http://secunia.com/advisories/38608	third-party-advisory x_refsource_SECUNIA x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969	vdb-entry signature x_refsource_OVAL x_transferred
http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/	x_refsource_CONFIRM x_transferred
http://www.mozilla.org/security/announce/2010/mfsa2010-08.html	x_refsource_CONFIRM x_transferred
http://www.kb.cert.org/vuls/id/964549	third-party-advisory x_refsource_CERT-VN x_transferred
http://secunia.com/community/forum/thread/show/3592	x_refsource_MISC x_transferred

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=552216

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://secunia.com/advisories/38608

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.kb.cert.org/vuls/id/964549

Resource:

third-party-advisory

x_refsource_CERT-VN

x_transferred

Hyperlink: http://secunia.com/community/forum/thread/show/3592

Resource:

x_refsource_MISC

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References