|Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11,
Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey
to execute arbitrary code via vectors related to
nsCSSFrameConstructor::ContentAppended, the appendChild method,
incorrect index tracking, and the creation of multiple frames, which
triggers memory corruption, as exploited in the wild in October 2010
by the Belmoo malware.