Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-3765

Опубликовано: 28 окт. 2010
Источник: nvd
CVSS3: 9.8
CVSS2: 9.3
EPSS Высокий

Описание

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.8721
Высокий

9.8 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119
CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2010-3765

CVSS3: 9.8
ubuntu
около 15 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

redhat логотип

CVE-2010-3765

redhat
около 15 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

debian логотип

CVE-2010-3765

CVSS3: 9.8
debian
около 15 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunder ...

github логотип

GHSA-cmrc-q43h-xrrq

CVSS3: 9.8
github
больше 3 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

oracle-oval логотип

ELSA-2010-0809

oracle-oval
около 15 лет назад

ELSA-2010-0809: xulrunner security update (CRITICAL)

EPSS

Процентиль: 99%
0.8721
Высокий

9.8 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119
CWE-119