Lucene search
RootSSV:19337HistoryMar 24, 2010 - 12:00 a.m.
Mozilla Firefox 3.6 WOFF解码器整数溢出漏洞
2010-03-2400:00:00
Root
www.seebug.org
29
0.839 High
EPSS
Percentile
98.2%
BUGTRAQ ID: 38298
CVE ID: CVE-2010-1028
Firefox是一款流行的开源WEB浏览器。
Firefox中所使用的Web开放字体格式(WOFF)解码器在解析字体文件中所指定的表格大小时存在最终可导致堆溢出的整数溢出漏洞。如果用户所访问网页中所嵌入的WOFF字体包含有超长的origLen字段的话,就可以触发这个溢出,导致执行任意代码。
Mozilla Firefox 3.6
临时解决方法:
- 禁止下载远程字体,在浏览器的地址栏中输入about:config并将以下值设置为false:
gfx.downloadable_fonts.enabled
厂商补丁:
Mozilla
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox WOFF Font Processing Integer Overflow (CVE-2010-1028)
2010-05-09 00:00:00
prion
prion
Integer overflow
2010-03-19 21:30:00
Memory corruption
2010-03-25 22:30:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-08
2010-04-06 00:00:00
x90c WOFF Firefox 1day exploit
2013-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2010-1028
2010-03-19 00:00:00
CVE-2010-1122
2010-03-25 00:00:00
cve
cve
CVE-2010-1028
2010-03-19 21:30:00
CVE-2010-1122
2010-03-25 22:30:00
freebsd
freebsd
firefox -- WOFF heap corruption due to integer overflow
2010-03-22 00:00:00
zdt
zdt
Mozilla Firefox 3.6 - Integer Overflow Exploit
2013-08-19 00:00:00
openvas
openvas
Mozilla Firefox Unspecified Vulnerability (Windows)
2010-03-23 00:00:00
FreeBSD Ports: firefox
2010-03-30 00:00:00
FreeBSD Ports: firefox
2010-03-30 00:00:00
zdi
zdi
nessus
nessus
FreeBSD : firefox -- WOFF heap corruption due to integer overflow (5d5ed535-3653-11df-9edc-000f20797ede)
2010-03-24 00:00:00
CentOS 4 : firefox (CESA-2010:0500)
2010-08-09 00:00:00
Mozilla Firefox < 3.6.2 Multiple Vulnerabilities.
2010-03-23 00:00:00
debiancve
debiancve
CVE-2010-1028
2010-03-19 21:30:00
mozilla
mozilla
WOFF heap corruption due to integer overflow — Mozilla
2010-03-22 00:00:00
cert
cert
Mozilla WOFF decoder integer overflow
2010-03-23 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00