Critical severity9.8CISA KEVNVD Advisory· Published Oct 28, 2010· Updated Apr 22, 2026
CVE-2010-3765
CVE-2010-3765
Description
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Affected products
56cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
52- www.exploit-db.com/exploits/15341nvdExploit
- www.exploit-db.com/exploits/15342nvdExploit
- www.exploit-db.com/exploits/15352nvdExploit
- blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.htmlnvdThird Party Advisory
- secunia.com/advisories/41761nvdVendor Advisory
- secunia.com/advisories/41965nvdVendor Advisory
- secunia.com/advisories/41966nvdVendor Advisory
- secunia.com/advisories/41969nvdVendor Advisory
- secunia.com/advisories/41975nvdVendor Advisory
- secunia.com/advisories/42003nvdVendor Advisory
- secunia.com/advisories/42008nvdVendor Advisory
- secunia.com/advisories/42043nvdVendor Advisory
- secunia.com/advisories/42867nvdVendor Advisory
- slackware.com/security/viewer.phpnvdThird Party Advisory
- support.avaya.com/css/P8/documents/100114329nvdThird Party Advisory
- support.avaya.com/css/P8/documents/100114335nvdThird Party Advisory
- www.debian.org/security/2010/dsa-2124nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2010/mfsa2010-73.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0808.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0809.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0810.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0861.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0896.htmlnvdThird Party Advisory
- www.ubuntu.com/usn/USN-1011-2nvdThird Party Advisory
- www.ubuntu.com/usn/USN-1011-3nvdThird Party Advisory
- www.ubuntu.com/usn/usn-1011-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2837nvdVendor Advisory
- www.vupen.com/english/advisories/2010/2857nvdVendor Advisory
- www.vupen.com/english/advisories/2010/2864nvdVendor Advisory
- www.vupen.com/english/advisories/2010/2871nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0061nvdVendor Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108nvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2010-0812.htmlnvdThird Party Advisory
- blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxnvdBroken Link
- isc.sans.edu/diary.htmlnvdPress/Media Coverage
- norman.com/about_norman/press_center/news_archive/2010/129223/ennvdProduct
- www.norman.com/about_norman/press_center/news_archive/2010/129223/nvdBroken Link
- www.norman.com/security_center/virus_description_archive/129146/nvdBroken Link
- www.securityfocus.com/bid/44425nvdBroken Link
- www.securitytracker.com/idnvdBroken Link
- www.securitytracker.com/idnvdBroken Link
- www.securitytracker.com/idnvdBroken Link
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.