[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

88036

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-3765Date: (C)2010-10-27   (M)2018-06-11


Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1024645
SECTRACK-1024650
SECTRACK-1024651
EXPLOIT-DB-15341
EXPLOIT-DB-15342
EXPLOIT-DB-15352
SECUNIA-41761
SECUNIA-41965
SECUNIA-41966
SECUNIA-41969
SECUNIA-41975
SECUNIA-42003
SECUNIA-42008
SECUNIA-42043
SECUNIA-42867
BID-44425
ADV-2010-2837
ADV-2010-2857
ADV-2010-2864
ADV-2010-2871
ADV-2011-0061
DSA-2124
FEDORA-2010-16883
FEDORA-2010-16885
FEDORA-2010-16897
FEDORA-2010-17105
MDVSA-2010:213
MDVSA-2010:219
RHSA-2010:0808
RHSA-2010:0809
RHSA-2010:0810
RHSA-2010:0812
RHSA-2010:0861
RHSA-2010:0896
SSA:2010-305-01
USN-1011-1
USN-1011-2
USN-1011-3
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://isc.sans.edu/diary.html?storyid=9817
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
http://support.avaya.com/css/P8/documents/100114329
http://support.avaya.com/css/P8/documents/100114335
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
http://www.norman.com/security_center/virus_description_archive/129146/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
https://bugzilla.redhat.com/show_bug.cgi?id=646997

CPE    56
cpe:/a:mozilla:seamonkey:2.0:rc2
cpe:/a:mozilla:seamonkey:2.0:rc1
cpe:/a:mozilla:seamonkey:2.0:beta_1
cpe:/a:mozilla:seamonkey:2.0:beta_2
...
CWE    1
CWE-119
OVAL    46
oval:org.secpod.oval:def:100009
oval:org.secpod.oval:def:100520
oval:org.secpod.oval:def:100236
oval:org.secpod.oval:def:500444
...

© SecPod Technologies