CVE - CVE-2010-3765

CVE-ID
CVE-2010-3765	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
EXPLOIT-DB:15341 URL:http://www.exploit-db.com/exploits/15341 EXPLOIT-DB:15342 URL:http://www.exploit-db.com/exploits/15342 EXPLOIT-DB:15352 URL:http://www.exploit-db.com/exploits/15352 MISC:http://isc.sans.edu/diary.html?storyid=9817 MISC:http://www.norman.com/about_norman/press_center/news_archive/2010/129223/ MISC:http://www.norman.com/security_center/virus_description_archive/129146/ MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53 MISC:http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter CONFIRM:http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=607222 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=646997 CONFIRM:http://www.mozilla.org/security/announce/2010/mfsa2010-73.html CONFIRM:http://support.avaya.com/css/P8/documents/100114329 CONFIRM:http://support.avaya.com/css/P8/documents/100114335 CONFIRM:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox DEBIAN:DSA-2124 URL:http://www.debian.org/security/2010/dsa-2124 FEDORA:FEDORA-2010-17105 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html FEDORA:FEDORA-2010-16883 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html FEDORA:FEDORA-2010-16885 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html FEDORA:FEDORA-2010-16897 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html MANDRIVA:MDVSA-2010:213 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:213 MANDRIVA:MDVSA-2010:219 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:219 REDHAT:RHSA-2010:0809 URL:http://www.redhat.com/support/errata/RHSA-2010-0809.html REDHAT:RHSA-2010:0810 URL:http://www.redhat.com/support/errata/RHSA-2010-0810.html REDHAT:RHSA-2010:0808 URL:http://www.redhat.com/support/errata/RHSA-2010-0808.html REDHAT:RHSA-2010:0812 URL:https://rhn.redhat.com/errata/RHSA-2010-0812.html REDHAT:RHSA-2010:0861 URL:http://www.redhat.com/support/errata/RHSA-2010-0861.html REDHAT:RHSA-2010:0896 URL:http://www.redhat.com/support/errata/RHSA-2010-0896.html SLACKWARE:SSA:2010-305-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706 UBUNTU:USN-1011-3 URL:http://www.ubuntu.com/usn/USN-1011-3 UBUNTU:USN-1011-1 URL:http://www.ubuntu.com/usn/usn-1011-1 UBUNTU:USN-1011-2 URL:http://www.ubuntu.com/usn/USN-1011-2 BID:44425 URL:http://www.securityfocus.com/bid/44425 OVAL:oval:org.mitre.oval:def:12108 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108 SECTRACK:1024650 URL:http://www.securitytracker.com/id?1024650 SECTRACK:1024651 URL:http://www.securitytracker.com/id?1024651 SECTRACK:1024645 URL:http://www.securitytracker.com/id?1024645 SECUNIA:41966 URL:http://secunia.com/advisories/41966 SECUNIA:41969 URL:http://secunia.com/advisories/41969 SECUNIA:42008 URL:http://secunia.com/advisories/42008 SECUNIA:42043 URL:http://secunia.com/advisories/42043 SECUNIA:41761 URL:http://secunia.com/advisories/41761 SECUNIA:41965 URL:http://secunia.com/advisories/41965 SECUNIA:41975 URL:http://secunia.com/advisories/41975 SECUNIA:42003 URL:http://secunia.com/advisories/42003 SECUNIA:42867 URL:http://secunia.com/advisories/42867 VUPEN:ADV-2010-2871 URL:http://www.vupen.com/english/advisories/2010/2871 VUPEN:ADV-2010-2837 URL:http://www.vupen.com/english/advisories/2010/2837 VUPEN:ADV-2010-2857 URL:http://www.vupen.com/english/advisories/2010/2857 VUPEN:ADV-2010-2864 URL:http://www.vupen.com/english/advisories/2010/2864 VUPEN:ADV-2011-0061 URL:http://www.vupen.com/english/advisories/2011/0061
Assigning CNA
N/A
Date Entry Created
20101005	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org