Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allow remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
isc.sans.edu/diary.html?storyid=9817
lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
secunia.com/advisories/41761
secunia.com/advisories/41965
secunia.com/advisories/41966
secunia.com/advisories/41969
secunia.com/advisories/41975
secunia.com/advisories/42003
secunia.com/advisories/42008
secunia.com/advisories/42043
secunia.com/advisories/42867
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
support.avaya.com/css/P8/documents/100114329
support.avaya.com/css/P8/documents/100114335
www.debian.org/security/2010/dsa-2124
www.exploit-db.com/exploits/15341
www.exploit-db.com/exploits/15342
www.exploit-db.com/exploits/15352
www.mandriva.com/security/advisories?name=MDVSA-2010:213
www.mandriva.com/security/advisories?name=MDVSA-2010:219
www.mozilla.org/security/announce/2010/mfsa2010-73.html
www.norman.com/about_norman/press_center/news_archive/2010/129223/
www.norman.com/security_center/virus_description_archive/129146/
www.redhat.com/support/errata/RHSA-2010-0808.html
www.redhat.com/support/errata/RHSA-2010-0809.html
www.redhat.com/support/errata/RHSA-2010-0810.html
www.redhat.com/support/errata/RHSA-2010-0861.html
www.redhat.com/support/errata/RHSA-2010-0896.html
www.securityfocus.com/bid/44425
www.securitytracker.com/id?1024645
www.securitytracker.com/id?1024650
www.securitytracker.com/id?1024651
www.ubuntu.com/usn/usn-1011-1
www.ubuntu.com/usn/USN-1011-2
www.ubuntu.com/usn/USN-1011-3
www.vupen.com/english/advisories/2010/2837
www.vupen.com/english/advisories/2010/2857
www.vupen.com/english/advisories/2010/2864
www.vupen.com/english/advisories/2010/2871
www.vupen.com/english/advisories/2011/0061
bugzilla.mozilla.org/show_bug.cgi?id=607222
bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
bugzilla.redhat.com/show_bug.cgi?id=646997
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
rhn.redhat.com/errata/RHSA-2010-0812.html