Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2010-08

WOFF heap corruption due to integer overflow

Announced
March 22, 2010
Reporter
Evgeny Legerov
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 3.6.2

Description

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim's browser and execute arbitrary code on his/her system.

Support for the WOFF downloadable font format is new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect products built on earlier versions of the Mozilla browser engine.

References