Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-3765

Опубликовано: 28 окт. 2010
Источник: redhat
CVSS2: 6.8
EPSS Высокий

Описание

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux Extended Update Support 4.8firefoxAffected
Red Hat Enterprise Linux Extended Update Support 5.5xulrunnerAffected
Red Hat Enterprise Linux 3seamonkeyFixedRHSA-2010:081027.10.2010
Red Hat Enterprise Linux 4firefoxFixedRHSA-2010:080827.10.2010
Red Hat Enterprise Linux 4seamonkeyFixedRHSA-2010:081027.10.2010
Red Hat Enterprise Linux 4thunderbirdFixedRHSA-2010:081229.10.2010
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2010:080927.10.2010
Red Hat Enterprise Linux 5thunderbirdFixedRHSA-2010:081229.10.2010
Red Hat Enterprise Linux 6firefoxFixedRHSA-2010:086110.11.2010
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2010:086110.11.2010

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=646997Firefox race condition flaw (MFSA 2010-73)

EPSS

Процентиль: 99%
0.87562
Высокий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-3765

ubuntu
больше 14 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

nvd логотип

CVE-2010-3765

nvd
больше 14 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

debian логотип

CVE-2010-3765

debian
больше 14 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunder ...

github логотип

GHSA-cmrc-q43h-xrrq

github
около 3 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

oracle-oval логотип

ELSA-2010-0809

oracle-oval
больше 14 лет назад

ELSA-2010-0809: xulrunner security update (CRITICAL)

EPSS

Процентиль: 99%
0.87562
Высокий

6.8 Medium

CVSS2