===================================================================== CERT-Renater Note d'Information No. 2010/VULN100 _____________________________________________________________________ DATE : 26/03/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Firefox 3.6. ====================================================================== http://www.mozilla.org/security/announce/2010/mfsa2010-08.html ______________________________________________________________________ Mozilla Foundation Security Advisory 2010-08 Title: WOFF heap corruption due to integer overflow Impact: Critical Announced: March 22, 2010 Reporter: Evgeny Legerov Products: Firefox 3.6 Fixed in: Firefox 3.6.2 Description Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim's browser and execute arbitrary code on his/her system. Support for the WOFF downloadable font format is new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect products built on earlier versions of the Mozilla browser engine. References * https://bugzilla.mozilla.org/show_bug.cgi?id=552216 * CVE-2010-1028 ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================