You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-08

Mozilla Foundation Security Advisory 2010-08

Title: WOFF heap corruption due to integer overflow
Impact: Critical
Announced: March 22, 2010
Reporter: Evgeny Legerov
Products: Firefox 3.6

Fixed in: Firefox 3.6.2

Description

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim's browser and execute arbitrary code on his/her system.

Support for the WOFF downloadable font format is new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect products built on earlier versions of the Mozilla browser engine.

References