Juniper Networks

Signature Detail


Short Name: HTTP:STC:DL:MAL-WOFF

Severity: High

Recommended: No

Recommended Action: Drop

Category: HTTP

Keywords: Mozilla Firefox WOFF Font Processing Integer Overflow

Release Date: 2010/10/13

Update Number: 1791

Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla Firefox WOFF Font Processing Integer Overflow


This signature detects attempts to exploit a known code execution vulnerability in Mozilla Firefox. The vulnerability is due to an integer overflow error in a font decompression routine within the Web Open Font Format (WOFF) decoder. Remote attackers can exploit it to execute arbitrary code on the target machine by enticing a user to open a maliciously crafted WOFF file. In a successful attack, the behavior of the target system depends entirely on the logic of the injected code, which runs within the security context of the currently logged-in user.

Extended Description

Mozilla Firefox is prone to a remote code-execution vulnerability due to an integer-overflow error in the WOFF decoder. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in denial-of-service conditions. The issue affects Mozilla Firefox 3.6.

Affected Products

  • Mozilla Firefox 3.6

References

  • BugTraq: 38298
  • CVE: CVE-2010-1028

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.