Intrusion Prevention

Mozilla.Firefox.WOFF.Heap.Overflow

Description

This indicates an attack attempt against a buffer overflow vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a malcious font file. It allows a remote attacker to execute arbitrary code via sending a crafted web page.

Affected Products

Mozilla firefox 3.6 and other versions

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version beta build of Firefox 3.6.2. The full version will be available on March 30.

CVE References

CVE-2010-1028