Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.

CPENameOperatorVersion
firefoxlt3.5.15
firefoxlt3.6.12
seamonkeylt2.0.10
thunderbirdlt3.0.10
thunderbirdlt3.1.6

Name	Operator	Version
firefox	lt	3.5.15
firefox	lt	3.6.12
seamonkey	lt	2.0.10
thunderbird	lt	3.0.10
thunderbird	lt	3.1.6

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765

bugzilla.mozilla.org/show_bug.cgi?id=607222

nessus 51

fedora 21

prion 1

openvas 79

packetstorm 3

redhat 6

securityvulns 2

ubuntu 3

centos 4

saint 4

veracode 1

seebug 2

checkpoint_advisories 2

freebsd 1

oraclelinux 4

cve 1

ubuntucve 1

canvas 1

exploitpack 1

exploitdb 1

osv 1

debian 1

suse 2

gentoo 1

nessus

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : xulrunner-1.9.1, xulrunner-1.9.2 vulnerability (USN-1011-3)

2010-10-29 00:00:00

RHEL 3 / 4 : seamonkey (RHSA-2010:0810)

2010-10-28 00:00:00

SeaMonkey < 2.0.10 Buffer Overflow

2010-10-28 00:00:00

fedora

[SECURITY] Fedora 13 Update: perl-Gtk2-MozEmbed-0.08-6.fc13.19

2010-10-28 22:15:22

[SECURITY] Fedora 13 Update: gnome-python2-extras-2.25.3-24.fc13

2010-10-28 22:15:22

[SECURITY] Fedora 13 Update: galeon-2.0.7-35.fc13

2010-10-28 22:15:22

prion

Memory corruption

2010-10-28 00:00:00

openvas

Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16883

2010-11-04 00:00:00

Fedora Update for galeon FEDORA-2010-16883

2010-11-04 00:00:00

RedHat Update for thunderbird RHSA-2010:0812-01

2010-11-04 00:00:00

packetstorm

Firefox Interleaving Denial Of Service

2010-10-28 00:00:00

Firefox Memory Corruption

2010-10-29 00:00:00

Mozilla Firefox Interleaving document.write / appendChild Code Execution

2011-02-19 00:00:00

redhat

(RHSA-2010:0812) Moderate: thunderbird security update

2010-10-28 00:00:00

(RHSA-2010:0809) Critical: xulrunner security update

2010-10-27 00:00:00

(RHSA-2010:0808) Critical: firefox security update

2010-10-27 00:00:00

securityvulns

Mozilla Foundation Security Advisory 2010-73

2010-11-01 00:00:00

Mozilla Firefox / Thunderbird / Seamonkey buffer overflow

2010-11-01 00:00:00

ubuntu

Xulrunner vulnerability

2010-10-29 00:00:00

Thunderbird vulnerability

2010-10-28 00:00:00

Firefox vulnerability

2010-10-28 00:00:00

centos

firefox security update

2010-10-28 22:36:12

seamonkey security update

2010-10-28 22:32:32

thunderbird security update

2010-11-01 21:24:26

saint

Mozilla Firefox document.write and DOM insertion memory corruption

2010-11-04 00:00:00

Mozilla Firefox document.write and DOM insertion memory corruption

2010-11-04 00:00:00

Mozilla Firefox document.write and DOM insertion memory corruption

2010-11-04 00:00:00

veracode

Arbitrary Code Execution

2020-04-10 00:47:44

seebug

Mozilla Firefox document.write()方式堆溢出漏洞

2010-11-01 00:00:00

Firefox Memory Corruption Proof of Concept (Simplified)

2010-10-29 00:00:00

checkpoint_advisories

Mozilla Firefox document.write And DOM Insertions Memory Corruption (CVE-2010-3765)

2011-03-09 00:00:00

Mozilla Firefox document.write And DOM Insertions Memory Corruption - Ver2 (CVE-2010-3765)

2014-12-28 00:00:00

freebsd

mozilla -- Heap buffer overflow mixing document.write and DOM insertion

2010-10-27 00:00:00

oraclelinux

firefox security update

2010-10-28 00:00:00

seamonkey security update

2010-10-28 00:00:00

xulrunner security update

2010-10-28 00:00:00

cve

CVE-2010-3765

2010-10-28 00:00:00

ubuntucve

CVE-2010-3765

2010-10-27 00:00:00

canvas

Immunity Canvas: FIREFOX_APPENDCHILD

2010-10-28 00:00:00

exploitpack

Mozilla Firefox - Simplified Memory Corruption (PoC)

2010-10-28 00:00:00

exploitdb

Mozilla Firefox - Simplified Memory Corruption (PoC)

2010-10-28 00:00:00

osv

xulrunner - several vulnerabilities

2010-11-01 00:00:00

debian

[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities

2010-11-01 20:38:35

suse

remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird

2010-11-08 11:27:17

Firefox update to 31.1esr (important)

2014-09-09 18:04:16

gentoo

Mozilla Products: Multiple vulnerabilities

2013-01-08 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Related for MFSA2010-73