CVE-2010-1028
🟠 Patch this week
Buffer overflow in the WOFF decoder in Firefox allows remote code execution.
| Metric | Value |
|---|---|
| CVSS | 9.3 |
| EPSS | 9.9% |
| Exploit | none |
| Vendor | mozilla |
Source description (NVD)
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
buffer-overflow
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 9.9% |
| Published (NVD) | 2010-03-19 21:30:00 UTC |
| Last modified (NVD) | 2026-04-29 01:13:23 UTC |
References
- http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/ (cve@mitre.org)
- http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ (cve@mitre.org)
- http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/ (cve@mitre.org)
- http://secunia.com/advisories/38608 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/community/forum/thread/show/3592 (cve@mitre.org) [Vendor Advisory]
- http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html (cve@mitre.org)
- http://www.kb.cert.org/vuls/id/964549 (cve@mitre.org) [US Government Resource]
- http://www.mozilla.org/security/announce/2010/mfsa2010-08.html (cve@mitre.org) [Vendor Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=552216 (cve@mitre.org)
- https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/ (cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969 (cve@mitre.org)