| Short Name | HTTP:STC:DL:MAL-WOFF |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Mozilla Firefox WOFF Font Processing Integer Overflow |
| Release Date | 2010/10/13 |
| Update Number | 1791 |
| Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known code execution vulnerability in Mozilla Firefox. The vulnerability is due to an integer overflow error in a font decompression routine within the Web Open Font Format (WOFF) decoder. Remote attackers can exploit it to execute arbitrary code on the target machine by enticing a user to open a maliciously crafted WOFF file. In a successful attack, the behavior of the target system depends entirely on the logic of the injected code, which runs within the security context of the currently logged-in user.

Mozilla Firefox is prone to a remote code-execution vulnerability due to an integer-overflow error in the WOFF decoder. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in denial-of-service conditions. The issue affects Mozilla Firefox 3.6.