Candidate: CVE-2010-1028
PublicDate: 2010-03-19 21:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028
Description:
 Integer overflow in the decompression functionality in the Web Open Fonts
 Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before
 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted
 WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff
 module in VulnDisco 9.0.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_firefox:
upstream_firefox: released (3.6.2)
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: not-affected
intrepid_firefox: DNE
jaunty_firefox: DNE
karmic_firefox: DNE
devel_firefox: released (3.6.3+nobinonly-0ubuntu2)