Test ID:	1.3.6.1.4.1.25623.1.0.67137
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: firefox
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: firefox CVE-2010-1028 Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1028 CERT/CC vulnerability note: VU#964549 http://www.kb.cert.org/vuls/id/964549 http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/ http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/ http://secunia.com/community/forum/thread/show/3592 http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7969 http://secunia.com/advisories/38608
Copyright	Copyright (C) 2010 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.