Mozilla Firefox CSS font-face Remote Code Execution Vulnerability

2010-07-20T00:00:00
ID ZDI-10-133
Type zdi
Reporter J23 (http://twitter.com/HansJ23)
Modified 2010-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within handling of references to external font resources. A value is used as a 16 bit integer in an array allocation and later as 32 bit when iterating over and then populating these fields. By creating enough references, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.