[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108741

 
 

909

 
 

85475

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-3765Date: (C)2010-10-27   (M)2018-06-11


Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1024645
SECTRACK-1024650
SECTRACK-1024651
EXPLOIT-DB-15341
EXPLOIT-DB-15342
EXPLOIT-DB-15352
SECUNIA-41761
SECUNIA-41965
SECUNIA-41966
SECUNIA-41969
SECUNIA-41975
SECUNIA-42003
SECUNIA-42008
SECUNIA-42043
SECUNIA-42867
BID-44425
ADV-2010-2837
ADV-2010-2857
ADV-2010-2864
ADV-2010-2871
ADV-2011-0061
DSA-2124
FEDORA-2010-16883
FEDORA-2010-16885
FEDORA-2010-16897
FEDORA-2010-17105
MDVSA-2010:213
MDVSA-2010:219
RHSA-2010:0808
RHSA-2010:0809
RHSA-2010:0810
RHSA-2010:0812
RHSA-2010:0861
RHSA-2010:0896
SSA:2010-305-01
USN-1011-1
USN-1011-2
USN-1011-3
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://isc.sans.edu/diary.html?storyid=9817
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
http://support.avaya.com/css/P8/documents/100114329
http://support.avaya.com/css/P8/documents/100114335
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
http://www.norman.com/security_center/virus_description_archive/129146/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
https://bugzilla.redhat.com/show_bug.cgi?id=646997

CPE    56
cpe:/a:mozilla:seamonkey:2.0.5
cpe:/a:mozilla:seamonkey:2.0.6
cpe:/a:mozilla:seamonkey:2.0.7
cpe:/a:mozilla:seamonkey:2.0.8
...
CWE    1
CWE-119
OVAL    46
oval:org.secpod.oval:def:600096
oval:org.secpod.oval:def:700047
oval:org.secpod.oval:def:700119
oval:org.secpod.oval:def:700060
...

© SecPod Technologies