CVE-2010-3765

9.8 CRITICAL CISA KEV - Actively Exploited

Published: October 28, 2010 Modified: October 22, 2025

Description

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/

Source: cve@mitre.org

Vendor Advisory

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

Source: cve@mitre.org

http://isc.sans.edu/diary.html?storyid=9817

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html

Source: cve@mitre.org

http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter

Source: cve@mitre.org

http://secunia.com/advisories/41761

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/41965

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/41966

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/41969

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/41975

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42003

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42008

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42043

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42867

Source: cve@mitre.org

Vendor Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706

Source: cve@mitre.org

http://support.avaya.com/css/P8/documents/100114329

Source: cve@mitre.org

http://support.avaya.com/css/P8/documents/100114335

Source: cve@mitre.org

http://www.debian.org/security/2010/dsa-2124

Source: cve@mitre.org

http://www.exploit-db.com/exploits/15341

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/15342

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/15352

Source: cve@mitre.org

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2010:213

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2010:219

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2010/mfsa2010-73.html

Source: cve@mitre.org

http://www.norman.com/about_norman/press_center/news_archive/2010/129223/

Source: cve@mitre.org

http://www.norman.com/security_center/virus_description_archive/129146/

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2010-0808.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2010-0809.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2010-0810.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2010-0861.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2010-0896.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/44425

Source: cve@mitre.org

http://www.securitytracker.com/id?1024645

Source: cve@mitre.org

http://www.securitytracker.com/id?1024650

Source: cve@mitre.org

http://www.securitytracker.com/id?1024651

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-1011-2

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-1011-3

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-1011-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/2837

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2857

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2864

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2871

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0061

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=607222

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=646997

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108

Source: cve@mitre.org

https://rhn.redhat.com/errata/RHSA-2010-0812.html

Source: cve@mitre.org

http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/