CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Added: 11/04/2010
CVE: CVE-2010-3765
BID: 44425
OSVDB: 68905
Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containing DOM insertions interspersed with calls to the document.write function.
Upgrade to Firefox 3.5.15 or 3.6.12 or higher.
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
http://secunia.com/advisories/41957/
Exploit works on Firefox 3.6.11 and requires the user to load the exploit page in Firefox.
It may take some time to establish the shell session.
The exploit works best when the target platform has more than 1G memory.
Windows