Critical severity9.8CISA KEVNVD Advisory· Published Oct 28, 2010· Updated Jun 16, 2026
CVE-2010-3765
CVE-2010-3765
Description
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
62cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
- (no CPE)range: <=3.5.14, <=3.6.11
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- (no CPE)range: <2.0.10
cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*
- (no CPE)range: <3.1.6, <3.0.10
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
Patches
Vulnerability mechanics
References
52- www.exploit-db.com/exploits/15341nvdExploit
- www.exploit-db.com/exploits/15342nvdExploit
- www.exploit-db.com/exploits/15352nvdExploit
- blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.htmlnvdThird Party Advisory
- secunia.com/advisories/41761nvdVendor Advisory
- secunia.com/advisories/41965nvdVendor Advisory
- secunia.com/advisories/41966nvdVendor Advisory
- secunia.com/advisories/41969nvdVendor Advisory
- secunia.com/advisories/41975nvdVendor Advisory
- secunia.com/advisories/42003nvdVendor Advisory
- secunia.com/advisories/42008nvdVendor Advisory
- secunia.com/advisories/42043nvdVendor Advisory
- secunia.com/advisories/42867nvdVendor Advisory
- slackware.com/security/viewer.phpnvdThird Party Advisory
- support.avaya.com/css/P8/documents/100114329nvdThird Party Advisory
- support.avaya.com/css/P8/documents/100114335nvdThird Party Advisory
- www.debian.org/security/2010/dsa-2124nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2010/mfsa2010-73.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0808.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0809.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0810.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0861.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0896.htmlnvdThird Party Advisory
- www.ubuntu.com/usn/USN-1011-2nvdThird Party Advisory
- www.ubuntu.com/usn/USN-1011-3nvdThird Party Advisory
- www.ubuntu.com/usn/usn-1011-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2837nvdVendor Advisory
- www.vupen.com/english/advisories/2010/2857nvdVendor Advisory
- www.vupen.com/english/advisories/2010/2864nvdVendor Advisory
- www.vupen.com/english/advisories/2010/2871nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0061nvdVendor Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108nvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2010-0812.htmlnvdThird Party Advisory
- blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxnvdBroken Link
- isc.sans.edu/diary.htmlnvdPress/Media Coverage
- norman.com/about_norman/press_center/news_archive/2010/129223/ennvdProduct
- www.norman.com/about_norman/press_center/news_archive/2010/129223/nvdBroken Link
- www.norman.com/security_center/virus_description_archive/129146/nvdBroken Link
- www.securityfocus.com/bid/44425nvdBroken Link
- www.securitytracker.com/idnvdBroken Link
- www.securitytracker.com/idnvdBroken Link
- www.securitytracker.com/idnvdBroken Link
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.