[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3765Date: (C)2010-10-27   (M)2024-03-27


Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1024645
SECTRACK-1024650
SECTRACK-1024651
EXPLOIT-DB-15341
EXPLOIT-DB-15342
EXPLOIT-DB-15352
SECUNIA-41761
SECUNIA-41965
SECUNIA-41966
SECUNIA-41969
SECUNIA-41975
SECUNIA-42003
SECUNIA-42008
SECUNIA-42043
SECUNIA-42867
BID-44425
ADV-2010-2837
ADV-2010-2857
ADV-2010-2864
ADV-2010-2871
ADV-2011-0061
DSA-2124
FEDORA-2010-16883
FEDORA-2010-16885
FEDORA-2010-16897
FEDORA-2010-17105
MDVSA-2010:213
MDVSA-2010:219
RHSA-2010:0808
RHSA-2010:0809
RHSA-2010:0810
RHSA-2010:0812
RHSA-2010:0861
RHSA-2010:0896
SSA:2010-305-01
USN-1011-1
USN-1011-2
USN-1011-3
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://isc.sans.edu/diary.html?storyid=9817
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
http://support.avaya.com/css/P8/documents/100114329
http://support.avaya.com/css/P8/documents/100114335
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
http://www.norman.com/security_center/virus_description_archive/129146/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
https://bugzilla.redhat.com/show_bug.cgi?id=646997
oval:org.mitre.oval:def:12108

CPE    56
cpe:/a:mozilla:firefox:3.5.7
cpe:/a:mozilla:firefox:3.5.8
cpe:/a:mozilla:firefox:3.5.5
cpe:/a:mozilla:firefox:3.5.6
...
CWE    1
CWE-119
OVAL    46
oval:org.secpod.oval:def:100915
oval:org.secpod.oval:def:100009
oval:org.secpod.oval:def:200132
oval:org.secpod.oval:def:200011
...

© SecPod Technologies