← Back to CVEs

CVE-2010-3765

CRITICALCISA KEV

9.8

Description

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published10/28/2010

Last Modified10/22/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorMozilla

ProductMultiple Products

Vulnerability NameMozilla Multiple Products Remote Code Execution Vulnerability

KEV Date Added2025-10-06

Remediation Due Date2025-10-27

Ransomware UseUnknown

Affected Products

mozilla:firefoxmozilla:seamonkeymozilla:thunderbird

Weaknesses (CWE)

CWE-119CWE-119

References

http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/(cve@mitre.org)

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox(cve@mitre.org)

http://isc.sans.edu/diary.html?storyid=9817(cve@mitre.org)

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html(cve@mitre.org)

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html(cve@mitre.org)

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html(cve@mitre.org)

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html(cve@mitre.org)

http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter(cve@mitre.org)

http://secunia.com/advisories/41761(cve@mitre.org)

http://secunia.com/advisories/41965(cve@mitre.org)

http://secunia.com/advisories/41966(cve@mitre.org)

http://secunia.com/advisories/41969(cve@mitre.org)

http://secunia.com/advisories/41975(cve@mitre.org)

http://secunia.com/advisories/42003(cve@mitre.org)

http://secunia.com/advisories/42008(cve@mitre.org)

http://secunia.com/advisories/42043(cve@mitre.org)

http://secunia.com/advisories/42867(cve@mitre.org)

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706(cve@mitre.org)

http://support.avaya.com/css/P8/documents/100114329(cve@mitre.org)

http://support.avaya.com/css/P8/documents/100114335(cve@mitre.org)

http://www.debian.org/security/2010/dsa-2124(cve@mitre.org)

http://www.exploit-db.com/exploits/15341(cve@mitre.org)

http://www.exploit-db.com/exploits/15342(cve@mitre.org)

http://www.exploit-db.com/exploits/15352(cve@mitre.org)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:213(cve@mitre.org)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:219(cve@mitre.org)

http://www.mozilla.org/security/announce/2010/mfsa2010-73.html(cve@mitre.org)

http://www.norman.com/about_norman/press_center/news_archive/2010/129223/(cve@mitre.org)

http://www.norman.com/security_center/virus_description_archive/129146/(cve@mitre.org)

http://www.redhat.com/support/errata/RHSA-2010-0808.html(cve@mitre.org)

http://www.redhat.com/support/errata/RHSA-2010-0809.html(cve@mitre.org)

http://www.redhat.com/support/errata/RHSA-2010-0810.html(cve@mitre.org)

http://www.redhat.com/support/errata/RHSA-2010-0861.html(cve@mitre.org)

http://www.redhat.com/support/errata/RHSA-2010-0896.html(cve@mitre.org)

http://www.securityfocus.com/bid/44425(cve@mitre.org)

http://www.securitytracker.com/id?1024645(cve@mitre.org)

http://www.securitytracker.com/id?1024650(cve@mitre.org)

http://www.securitytracker.com/id?1024651(cve@mitre.org)

http://www.ubuntu.com/usn/USN-1011-2(cve@mitre.org)

http://www.ubuntu.com/usn/USN-1011-3(cve@mitre.org)

http://www.ubuntu.com/usn/usn-1011-1(cve@mitre.org)

http://www.vupen.com/english/advisories/2010/2837(cve@mitre.org)

http://www.vupen.com/english/advisories/2010/2857(cve@mitre.org)

http://www.vupen.com/english/advisories/2010/2864(cve@mitre.org)

http://www.vupen.com/english/advisories/2010/2871(cve@mitre.org)

http://www.vupen.com/english/advisories/2011/0061(cve@mitre.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=607222(cve@mitre.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53(cve@mitre.org)

https://bugzilla.redhat.com/show_bug.cgi?id=646997(cve@mitre.org)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108(cve@mitre.org)

https://rhn.redhat.com/errata/RHSA-2010-0812.html(cve@mitre.org)

http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/(af854a3a-2127-422b-91ae-364da2661108)

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox(af854a3a-2127-422b-91ae-364da2661108)

http://isc.sans.edu/diary.html?storyid=9817(af854a3a-2127-422b-91ae-364da2661108)

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html(af854a3a-2127-422b-91ae-364da2661108)

http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/41761(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/41965(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/41966(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/41969(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/41975(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/42003(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/42008(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/42043(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/42867(af854a3a-2127-422b-91ae-364da2661108)

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706(af854a3a-2127-422b-91ae-364da2661108)

http://support.avaya.com/css/P8/documents/100114329(af854a3a-2127-422b-91ae-364da2661108)

http://support.avaya.com/css/P8/documents/100114335(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2010/dsa-2124(af854a3a-2127-422b-91ae-364da2661108)

http://www.exploit-db.com/exploits/15341(af854a3a-2127-422b-91ae-364da2661108)

http://www.exploit-db.com/exploits/15342(af854a3a-2127-422b-91ae-364da2661108)

http://www.exploit-db.com/exploits/15352(af854a3a-2127-422b-91ae-364da2661108)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:213(af854a3a-2127-422b-91ae-364da2661108)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:219(af854a3a-2127-422b-91ae-364da2661108)

http://www.mozilla.org/security/announce/2010/mfsa2010-73.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.norman.com/about_norman/press_center/news_archive/2010/129223/(af854a3a-2127-422b-91ae-364da2661108)

http://www.norman.com/security_center/virus_description_archive/129146/(af854a3a-2127-422b-91ae-364da2661108)

http://www.redhat.com/support/errata/RHSA-2010-0808.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.redhat.com/support/errata/RHSA-2010-0809.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.redhat.com/support/errata/RHSA-2010-0810.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.redhat.com/support/errata/RHSA-2010-0861.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.redhat.com/support/errata/RHSA-2010-0896.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/44425(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id?1024645(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id?1024650(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id?1024651(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-1011-2(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-1011-3(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/usn-1011-1(af854a3a-2127-422b-91ae-364da2661108)

http://www.vupen.com/english/advisories/2010/2837(af854a3a-2127-422b-91ae-364da2661108)

http://www.vupen.com/english/advisories/2010/2857(af854a3a-2127-422b-91ae-364da2661108)

http://www.vupen.com/english/advisories/2010/2864(af854a3a-2127-422b-91ae-364da2661108)

http://www.vupen.com/english/advisories/2010/2871(af854a3a-2127-422b-91ae-364da2661108)

http://www.vupen.com/english/advisories/2011/0061(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=607222(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=646997(af854a3a-2127-422b-91ae-364da2661108)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108(af854a3a-2127-422b-91ae-364da2661108)

https://rhn.redhat.com/errata/RHSA-2010-0812.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.