Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 prior to 3.6.2 and 3.7 prior to 3.7 alpha 3 allows remote malicious users to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
Vulnerable Product |
---|
mozilla firefox 3.6.1 |
mozilla firefox 3.6 |
mozilla firefox 3.7 |