Incident Response, Malware, TDR

Vulnerabilities allow delivery of malware through web page fonts

A researcher discovered vulnerabilities in the Graphite font processing library (also called Libgraphite) that affects many applications, including Firefox, OpenOffice, Thunderbird, Pale Moon, WorldPad and many Linux distributions.

The flaws would allow hackers to take recent attacks that infect web users through malware-infected web pages to the next level. One of the vulnerabilities (CVE-2016-1521) allows attackers to deliver malicious code to web users who visit a web page that contains Graphite-enabled fonts.

“Since Mozilla Firefox 11 and later versions directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts),” stated Cisco in a corporate blog post.

The other vulnerabilities involve a heap data buffer overflow (CVE-2016-1522) and vulnerabilities that allow DDoS attacks (CVE-2016-1523 and CVE-2016-1526). The flaws were discovered by Yves Younan, a researcher in Cisco's Talos Group.

UPDATE: Mozilla reached out to to issue the following statement by principal security engineer Dan Veditz issued the following statement: “The current general available release of Firefox is not affected by the Libgraphite font vulnerability.  Users should always make sure to update to the latest version of Firefox for the most-recent security updates and features by going to”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.