Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-3765

Опубликовано: 28 окт. 2010
Источник: ubuntu
Приоритет: high
EPSS Высокий
CVSS2: 9.3

Описание

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

РелизСтатусПримечание
dapper

ignored

end of life
devel

released

3.6.12+build1+nobinonly-0ubuntu0.10.10.1
hardy

ignored

end of life
karmic

DNE

lucid

released

3.6.12+build1+nobinonly-0ubuntu0.10.04.1
maverick

released

3.6.12+build1+nobinonly-0ubuntu0.10.10.1
upstream

released

3.6.12

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

released

3.6.12+build1+nobinonly-0ubuntu0.8.04.1
karmic

DNE

lucid

DNE

maverick

DNE

upstream

needs-triage

Ubuntu source uses 3.6.x

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

DNE

karmic

released

3.6.12+build1+nobinonly-0ubuntu0.9.10.1
lucid

DNE

maverick

DNE

upstream

needs-triage

Ubuntu source uses 3.6.x

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

2.0.10+build1+nobinonly-0ubuntu0.10.10.1
hardy

released

2.0.10+build1+nobinonly-0ubuntu0.8.04.1
karmic

released

2.0.10+build1+nobinonly-0ubuntu0.9.10.1
lucid

released

2.0.10+build1+nobinonly-0ubuntu0.10.04.1
maverick

released

2.0.10+build1+nobinonly-0ubuntu0.10.10.1
upstream

released

2.0.10

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

3.1.6+build1+nobinonly-0ubuntu0.10.10.1
hardy

released

2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2
karmic

released

2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3
lucid

released

3.0.10+build1+nobinonly-0ubuntu0.10.04.1
maverick

released

3.1.6+build1+nobinonly-0ubuntu0.10.10.1
upstream

released

3.0.10, 3.1.6

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.9.2.12+build1+nobinonly-0ubuntu0.10.10.1
hardy

released

1.9.2.12+build1+nobinonly-0ubuntu0.8.04.1
karmic

released

1.9.2.12+build1+nobinonly-0ubuntu0.9.10.1
lucid

released

1.9.2.12+build1+nobinonly-0ubuntu0.10.04.1
maverick

released

1.9.2.12+build1+nobinonly-0ubuntu0.10.10.1
upstream

released

1.9.2.12

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.87562
Высокий

9.3 Critical

CVSS2

Связанные уязвимости

redhat логотип

CVE-2010-3765

redhat
больше 14 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

nvd логотип

CVE-2010-3765

nvd
больше 14 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

debian логотип

CVE-2010-3765

debian
больше 14 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunder ...

github логотип

GHSA-cmrc-q43h-xrrq

github
около 3 лет назад

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

oracle-oval логотип

ELSA-2010-0809

oracle-oval
больше 14 лет назад

ELSA-2010-0809: xulrunner security update (CRITICAL)

EPSS

Процентиль: 99%
0.87562
Высокий

9.3 Critical

CVSS2

Уязвимость CVE-2010-3765