[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-3765

Date: (C)2010-10-27   (M)2017-09-22
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Reference:
SECTRACK-1024645
SECTRACK-1024650
SECTRACK-1024651
EXPLOIT-DB-15341
EXPLOIT-DB-15342
EXPLOIT-DB-15352
SECUNIA-41761
SECUNIA-41965
SECUNIA-41966
SECUNIA-41969
SECUNIA-41975
SECUNIA-42003
SECUNIA-42008
SECUNIA-42043
SECUNIA-42867
BID-44425
ADV-2010-2837
ADV-2010-2857
ADV-2010-2864
ADV-2010-2871
ADV-2011-0061
DSA-2124
FEDORA-2010-16883
FEDORA-2010-16885
FEDORA-2010-16897
FEDORA-2010-17105
MDVSA-2010:213
MDVSA-2010:219
RHSA-2010:0808
RHSA-2010:0809
RHSA-2010:0810
RHSA-2010:0812
RHSA-2010:0861
RHSA-2010:0896
SSA:2010-305-01
USN-1011-1
USN-1011-2
USN-1011-3
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://isc.sans.edu/diary.html?storyid=9817
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
http://support.avaya.com/css/P8/documents/100114329
http://support.avaya.com/css/P8/documents/100114335
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
http://www.norman.com/security_center/virus_description_archive/129146/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
https://bugzilla.redhat.com/show_bug.cgi?id=646997

CPE    56
cpe:/a:mozilla:thunderbird:3.0.9
cpe:/a:mozilla:thunderbird:3.0.8
cpe:/a:mozilla:thunderbird:3.0.7
cpe:/a:mozilla:thunderbird:3.0.6
...
CWE    1
CWE-119
OVAL    46
oval:org.secpod.oval:def:100915
oval:org.secpod.oval:def:100009
oval:org.secpod.oval:def:200011
oval:org.secpod.oval:def:200132
...

© 2013 SecPod Technologies