VIR Vulnerability Intelligence Relay

CVE-2010-1028

critical
Published 2010-03-19 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
9.3

Description

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker ยท View original โ†— ยท DFSG

CVE-2010-1028 NameCVE-2010-1028 DescriptionInteger overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. SourceCVE (at NVD; CERT, ENISA, LWN,โ€ฆ

CVE-2010-1028

NameCVE-2010-1028
DescriptionInteger overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs787085

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
calibre (PTS)bullseye5.12.0+dfsg-1+deb11u2fixed
bullseye (security)5.12.0+dfsg-1+deb11u4fixed
bookworm6.13.0+repack-2+deb12u6fixed
trixie8.5.0+ds-1+deb13u2fixed
forky9.8.0+ds+~0.10.6-2fixed
sid9.9.0+ds+~0.10.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
calibresourcewheezy(not affected)
calibresource(unstable)2.38.0+dfsg-1787085
iceapesource(unstable)(not affected)
xulrunnersource(unstable)(not affected)

Notes

- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
- iceape <not-affected> (Vulnerable code not present)
[jessie] - calibre <no-dsa> (Minor issue)
[wheezy] - calibre <not-affected> (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)
2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)- iceape <not-affected> (Vulnerable code not present)[jessie] - calibre <no-dsa> (Minor issue)[wheezy] - calibre <not-affected> (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/

OS impact
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 2.38.0+dfsg-1
sid Fixed 2.38.0+dfsg-1
forky Fixed 2.38.0+dfsg-1
bullseye Fixed 2.38.0+dfsg-1
bookworm Fixed 2.38.0+dfsg-1
windows Windows Fixed 1 release
VersionStatusFixed in
โ€” Not affected โ€”

Application impact
VendorProductVersionsFixed
mozilla mozillafirefox3.6
mozilla mozillafirefox3.6.1
mozilla mozillafirefox3.7

References

CWEs

CWE-189

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.