CVE-2010-3765
CVE-2010-3765 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.x before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allow remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. CISA has confirmed active exploitation in the wild. EPSS estimates an 83.28% chance of exploitation in the next 30 days.
Description
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.x before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allow remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 3.5 |
| Mozilla | Firefox | 3.5.1 |
| Mozilla | Firefox | 3.5.2 |
| Mozilla | Firefox | 3.5.3 |
| Mozilla | Firefox | 3.5.4 |
| Mozilla | Firefox | 3.5.5 |
| Mozilla | Firefox | 3.5.6 |
| Mozilla | Firefox | 3.5.7 |
| Mozilla | Firefox | 3.5.8 |
| Mozilla | Firefox | 3.5.9 |
| Mozilla | Firefox | 3.5.10 |
| Mozilla | Firefox | 3.5.11 |
| Mozilla | Firefox | 3.5.12 |
| Mozilla | Firefox | 3.5.13 |
| Mozilla | Firefox | 3.5.14 |
| Mozilla | Firefox | 3.6 |
| Mozilla | Firefox | 3.6.2 |
| Mozilla | Firefox | 3.6.3 |
| Mozilla | Firefox | 3.6.4 |
| Mozilla | Firefox | 3.6.6 |
| Mozilla | Firefox | 3.6.7 |
| Mozilla | Firefox | 3.6.8 |
| Mozilla | Firefox | 3.6.9 |
| Mozilla | Firefox | 3.6.10 |
| Mozilla | Firefox | 3.6.11 |
| Mozilla | Thunderbird | 3.0.1 |
| Mozilla | Thunderbird | 3.0.2 |
| Mozilla | Thunderbird | 3.0.3 |
| Mozilla | Thunderbird | 3.0.4 |
| Mozilla | Thunderbird | 3.0.5 |
| Mozilla | Thunderbird | 3.0.6 |
| Mozilla | Thunderbird | 3.0.7 |
| Mozilla | Thunderbird | 3.0.8 |
| Mozilla | Thunderbird | 3.0.9 |
| Mozilla | Thunderbird | 3.1.1 |
| Mozilla | Thunderbird | 3.1.2 |
| Mozilla | Thunderbird | 3.1.3 |
| Mozilla | Thunderbird | 3.1.4 |
| Mozilla | Thunderbird | 3.1.5 |
| Mozilla | SeaMonkey | 2.0 |
| Mozilla | SeaMonkey | 2.0.1 |
| Mozilla | SeaMonkey | 2.0.2 |
| Mozilla | SeaMonkey | 2.0.3 |
| Mozilla | SeaMonkey | 2.0.4 |
| Mozilla | SeaMonkey | 2.0.5 |
| Mozilla | SeaMonkey | 2.0.6 |
| Mozilla | SeaMonkey | 2.0.7 |
| Mozilla | SeaMonkey | 2.0.8 |
| Mozilla | SeaMonkey | 2.0.9 |
References
- http://isc.sans.edu/diary.html?storyid=9817 (Press/Media Coverage)
- http://secunia.com/advisories/41761 (Vendor Advisory)
- http://secunia.com/advisories/41965 (Vendor Advisory)
- http://secunia.com/advisories/41966 (Vendor Advisory)
- http://secunia.com/advisories/41969 (Vendor Advisory)
- http://secunia.com/advisories/41975 (Vendor Advisory)
- http://secunia.com/advisories/42003 (Vendor Advisory)
- http://secunia.com/advisories/42008 (Vendor Advisory)
- http://secunia.com/advisories/42043 (Vendor Advisory)
- http://secunia.com/advisories/42867 (Vendor Advisory)
- http://support.avaya.com/css/P8/documents/100114329 (Third Party Advisory)
- http://support.avaya.com/css/P8/documents/100114335 (Third Party Advisory)
- http://www.debian.org/security/2010/dsa-2124 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:213 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:219 (Third Party Advisory)
- http://www.mozilla.org/security/announce/2010/mfsa2010-73.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0808.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0809.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0810.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0861.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0896.html (Third Party Advisory)
- http://www.securityfocus.com/bid/44425 (Broken Link)
- http://www.securitytracker.com/id?1024645 (Broken Link)
- http://www.securitytracker.com/id?1024650 (Broken Link)
- http://www.securitytracker.com/id?1024651 (Broken Link)
- http://www.ubuntu.com/usn/USN-1011-2 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1011-3 (Third Party Advisory)
- http://www.ubuntu.com/usn/usn-1011-1 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2010/2837 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/2857 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/2864 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/2871 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0061 (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=607222 (Issue Tracking)
- https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53 (Issue Tracking)
- https://bugzilla.redhat.com/show_bug.cgi?id=646997 (Issue Tracking)
- https://rhn.redhat.com/errata/RHSA-2010-0812.html (Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765 (US Government Resource)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
