CVE-2010-3765

KEV

🔴 Łataj teraz

Błąd w JavaScript w Mozilla Firefox i Thunderbird umożliwia zdalne wykonanie kodu.

CVSS

9.8

EPSS

87.2%

Exploit

weaponized

Vendor

mozilla

Opis źródłowy (NVD)

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

exploit Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	87.2%
Opublikowano (NVD)	2010-10-28 00:00:05 UTC
Ostatnia modyfikacja (NVD)	2026-04-22 14:15:57 UTC

Referencje

http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ (cve@mitre.org) [Vendor Advisory]
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox (cve@mitre.org) [Broken Link]
http://isc.sans.edu/diary.html?storyid=9817 (cve@mitre.org) [Press/Media Coverage]
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html (cve@mitre.org) [Third Party Advisory]
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html (cve@mitre.org) [Third Party Advisory]
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html (cve@mitre.org) [Third Party Advisory]
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html (cve@mitre.org) [Third Party Advisory]
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter (cve@mitre.org) [Product]
http://secunia.com/advisories/41761 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/41965 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/41966 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/41969 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/41975 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/42003 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/42008 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/42043 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/42867 (cve@mitre.org) [Vendor Advisory]
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706 (cve@mitre.org) [Third Party Advisory]
http://support.avaya.com/css/P8/documents/100114329 (cve@mitre.org) [Third Party Advisory]
http://support.avaya.com/css/P8/documents/100114335 (cve@mitre.org) [Third Party Advisory]
http://www.debian.org/security/2010/dsa-2124 (cve@mitre.org) [Third Party Advisory]
http://www.exploit-db.com/exploits/15341 (cve@mitre.org) [Exploit]
http://www.exploit-db.com/exploits/15342 (cve@mitre.org) [Exploit]
http://www.exploit-db.com/exploits/15352 (cve@mitre.org) [Exploit]
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213 (cve@mitre.org) [Third Party Advisory]
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219 (cve@mitre.org) [Third Party Advisory]
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html (cve@mitre.org) [Third Party Advisory]
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/ (cve@mitre.org) [Broken Link]
http://www.norman.com/security_center/virus_description_archive/129146/ (cve@mitre.org) [Broken Link]
http://www.redhat.com/support/errata/RHSA-2010-0808.html (cve@mitre.org) [Third Party Advisory]
http://www.redhat.com/support/errata/RHSA-2010-0809.html (cve@mitre.org) [Third Party Advisory]
http://www.redhat.com/support/errata/RHSA-2010-0810.html (cve@mitre.org) [Third Party Advisory]
http://www.redhat.com/support/errata/RHSA-2010-0861.html (cve@mitre.org) [Third Party Advisory]
http://www.redhat.com/support/errata/RHSA-2010-0896.html (cve@mitre.org) [Third Party Advisory]
http://www.securityfocus.com/bid/44425 (cve@mitre.org) [Broken Link]
http://www.securitytracker.com/id?1024645 (cve@mitre.org) [Broken Link]
http://www.securitytracker.com/id?1024650 (cve@mitre.org) [Broken Link]
http://www.securitytracker.com/id?1024651 (cve@mitre.org) [Broken Link]
http://www.ubuntu.com/usn/USN-1011-2 (cve@mitre.org) [Third Party Advisory]
http://www.ubuntu.com/usn/USN-1011-3 (cve@mitre.org) [Third Party Advisory]
http://www.ubuntu.com/usn/usn-1011-1 (cve@mitre.org) [Third Party Advisory]
http://www.vupen.com/english/advisories/2010/2837 (cve@mitre.org) [Vendor Advisory]
http://www.vupen.com/english/advisories/2010/2857 (cve@mitre.org) [Vendor Advisory]
http://www.vupen.com/english/advisories/2010/2864 (cve@mitre.org) [Vendor Advisory]
http://www.vupen.com/english/advisories/2010/2871 (cve@mitre.org) [Vendor Advisory]
http://www.vupen.com/english/advisories/2011/0061 (cve@mitre.org) [Vendor Advisory]
https://bugzilla.mozilla.org/show_bug.cgi?id=607222 (cve@mitre.org) [Issue Tracking]
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53 (cve@mitre.org) [Issue Tracking]
https://bugzilla.redhat.com/show_bug.cgi?id=646997 (cve@mitre.org) [Issue Tracking]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108 (cve@mitre.org) [Third Party Advisory]
https://rhn.redhat.com/errata/RHSA-2010-0812.html (cve@mitre.org) [Third Party Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]