Lucene search

PRIOn knowledge basePRION:CVE-2010-3765

HistoryOct 28, 2010 - 12:00 a.m.

Memory corruption

2010-10-2800:00:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

CPENameOperatorVersion
firefoxeq3.5.3
firefoxeq3.5.6
firefoxeq3.5
firefoxeq3.5.5
firefoxeq3.5.9
firefoxeq3.5.4
firefoxeq3.5.7
firefoxeq3.5.11
firefoxeq3.5.14
firefoxeq3.5.10

Name	Operator	Version
firefox	eq	3.5.3
firefox	eq	3.5.6
firefox	eq	3.5
firefox	eq	3.5.5
firefox	eq	3.5.9
firefox	eq	3.5.4
firefox	eq	3.5.7
firefox	eq	3.5.11
firefox	eq	3.5.14
firefox	eq	3.5.10

Rows per page:

1-10 of 561

References

blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/

blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

isc.sans.edu/diary.html?storyid=9817

norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter

secunia.com/advisories/41761

secunia.com/advisories/41965

secunia.com/advisories/41966

secunia.com/advisories/41969

secunia.com/advisories/41975

secunia.com/advisories/42003

secunia.com/advisories/42008

secunia.com/advisories/42043

secunia.com/advisories/42867

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706

support.avaya.com/css/P8/documents/100114329

support.avaya.com/css/P8/documents/100114335

www.debian.org/security/2010/dsa-2124

www.mandriva.com/security/advisories?name=MDVSA-2010:213

www.mandriva.com/security/advisories?name=MDVSA-2010:219

www.mozilla.org/security/announce/2010/mfsa2010-73.html

www.norman.com/about_norman/press_center/news_archive/2010/129223/

www.norman.com/security_center/virus_description_archive/129146/

www.redhat.com/support/errata/RHSA-2010-0808.html

www.redhat.com/support/errata/RHSA-2010-0809.html

www.redhat.com/support/errata/RHSA-2010-0810.html

www.redhat.com/support/errata/RHSA-2010-0861.html

www.redhat.com/support/errata/RHSA-2010-0896.html

www.securityfocus.com/bid/44425

www.securitytracker.com/id?1024645

www.securitytracker.com/id?1024650

www.securitytracker.com/id?1024651

www.ubuntu.com/usn/usn-1011-1

www.ubuntu.com/usn/USN-1011-2

www.ubuntu.com/usn/USN-1011-3

www.vupen.com/english/advisories/2010/2837

www.vupen.com/english/advisories/2010/2857

www.vupen.com/english/advisories/2010/2864

www.vupen.com/english/advisories/2010/2871

www.vupen.com/english/advisories/2011/0061

bugzilla.mozilla.org/show_bug.cgi?id=607222

bugzilla.redhat.com/show_bug.cgi?id=646997

lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108

rhn.redhat.com/errata/RHSA-2010-0812.html

www.exploit-db.com/exploits/15341

www.exploit-db.com/exploits/15342

www.exploit-db.com/exploits/15352