CVE-2010-3765

critical

Description

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

References

https://rhn.redhat.com/errata/RHSA-2010-0812.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108

https://bugzilla.redhat.com/show_bug.cgi?id=646997

https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53

https://bugzilla.mozilla.org/show_bug.cgi?id=607222

http://www.vupen.com/english/advisories/2011/0061

http://www.vupen.com/english/advisories/2010/2871

http://www.vupen.com/english/advisories/2010/2864

http://www.vupen.com/english/advisories/2010/2857

http://www.vupen.com/english/advisories/2010/2837

http://www.ubuntu.com/usn/usn-1011-1

http://www.ubuntu.com/usn/USN-1011-3

http://www.ubuntu.com/usn/USN-1011-2

http://www.securitytracker.com/id?1024651

http://www.securitytracker.com/id?1024650

http://www.securitytracker.com/id?1024645

http://www.securityfocus.com/bid/44425

http://www.redhat.com/support/errata/RHSA-2010-0896.html

http://www.redhat.com/support/errata/RHSA-2010-0861.html

http://www.redhat.com/support/errata/RHSA-2010-0810.html

http://www.redhat.com/support/errata/RHSA-2010-0809.html

http://www.redhat.com/support/errata/RHSA-2010-0808.html

http://www.norman.com/security_center/virus_description_archive/129146/

http://www.norman.com/about_norman/press_center/news_archive/2010/129223/

http://www.mozilla.org/security/announce/2010/mfsa2010-73.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:219

http://www.mandriva.com/security/advisories?name=MDVSA-2010:213

http://www.debian.org/security/2010/dsa-2124

http://support.avaya.com/css/P8/documents/100114335

http://support.avaya.com/css/P8/documents/100114329

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706

http://secunia.com/advisories/42867

http://secunia.com/advisories/42043

http://secunia.com/advisories/42008

http://secunia.com/advisories/42003

http://secunia.com/advisories/41975

http://secunia.com/advisories/41969

http://secunia.com/advisories/41966

http://secunia.com/advisories/41965

http://secunia.com/advisories/41761

http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html

http://isc.sans.edu/diary.html?storyid=9817

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/

Details

Source: Mitre, NVD

Published: 2010-10-28

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical