CVE - CVE-2010-3765

CVE-ID
CVE-2010-3765	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:44425 URL:http://www.securityfocus.com/bid/44425 CONFIRM:http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ CONFIRM:~~http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox~~ (Obsolete source) CONFIRM:http://support.avaya.com/css/P8/documents/100114329 CONFIRM:http://support.avaya.com/css/P8/documents/100114335 CONFIRM:http://www.mozilla.org/security/announce/2010/mfsa2010-73.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=607222 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=646997 DEBIAN:DSA-2124 URL:http://www.debian.org/security/2010/dsa-2124 EXPLOIT-DB:15341 URL:http://www.exploit-db.com/exploits/15341 EXPLOIT-DB:15342 URL:http://www.exploit-db.com/exploits/15342 EXPLOIT-DB:15352 URL:http://www.exploit-db.com/exploits/15352 FEDORA:FEDORA-2010-16883 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html FEDORA:FEDORA-2010-16885 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html FEDORA:FEDORA-2010-16897 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html FEDORA:FEDORA-2010-17105 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html MANDRIVA:MDVSA-2010:213 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:213~~ (Obsolete source) MANDRIVA:MDVSA-2010:219 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:219~~ (Obsolete source) MISC:http://isc.sans.edu/diary.html?storyid=9817 MISC:http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter MISC:http://www.norman.com/about_norman/press_center/news_archive/2010/129223/ MISC:http://www.norman.com/security_center/virus_description_archive/129146/ MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53 OVAL:oval:org.mitre.oval:def:12108 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108 REDHAT:RHSA-2010:0808 URL:http://www.redhat.com/support/errata/RHSA-2010-0808.html REDHAT:RHSA-2010:0809 URL:http://www.redhat.com/support/errata/RHSA-2010-0809.html REDHAT:RHSA-2010:0810 URL:http://www.redhat.com/support/errata/RHSA-2010-0810.html REDHAT:RHSA-2010:0812 URL:https://rhn.redhat.com/errata/RHSA-2010-0812.html REDHAT:RHSA-2010:0861 URL:http://www.redhat.com/support/errata/RHSA-2010-0861.html REDHAT:RHSA-2010:0896 URL:http://www.redhat.com/support/errata/RHSA-2010-0896.html SECTRACK:1024645 URL:http://www.securitytracker.com/id?1024645 SECTRACK:1024650 URL:http://www.securitytracker.com/id?1024650 SECTRACK:1024651 URL:http://www.securitytracker.com/id?1024651 SECUNIA:41761 URL:http://secunia.com/advisories/41761 SECUNIA:41965 URL:http://secunia.com/advisories/41965 SECUNIA:41966 URL:http://secunia.com/advisories/41966 SECUNIA:41969 URL:http://secunia.com/advisories/41969 SECUNIA:41975 URL:http://secunia.com/advisories/41975 SECUNIA:42003 URL:http://secunia.com/advisories/42003 SECUNIA:42008 URL:http://secunia.com/advisories/42008 SECUNIA:42043 URL:http://secunia.com/advisories/42043 SECUNIA:42867 URL:http://secunia.com/advisories/42867 SLACKWARE:SSA:2010-305-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706 UBUNTU:USN-1011-1 URL:http://www.ubuntu.com/usn/usn-1011-1 UBUNTU:USN-1011-2 URL:http://www.ubuntu.com/usn/USN-1011-2 UBUNTU:USN-1011-3 URL:http://www.ubuntu.com/usn/USN-1011-3 VUPEN:ADV-2010-2837 URL:~~http://www.vupen.com/english/advisories/2010/2837~~ (Obsolete source) VUPEN:ADV-2010-2857 URL:~~http://www.vupen.com/english/advisories/2010/2857~~ (Obsolete source) VUPEN:ADV-2010-2864 URL:~~http://www.vupen.com/english/advisories/2010/2864~~ (Obsolete source) VUPEN:ADV-2010-2871 URL:~~http://www.vupen.com/english/advisories/2010/2871~~ (Obsolete source) VUPEN:ADV-2011-0061 URL:~~http://www.vupen.com/english/advisories/2011/0061~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20101005	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)