← back
CVE-2010-3765

CVE-2010-3765

CVSS 9.8 CRITICALEPSS 83.3%● KEVCWE-119
In short

Firefox, Thunderbird, and SeaMonkey allow remote attackers to execute arbitrary code through malformed JavaScript that corrupts memory by incorrectly managing frames created during DOM manipulation. This vulnerability was actively exploited by the Belmoo malware in October 2010.

Technical detail

A memory corruption vulnerability in the CSS frame constructor (nsCSSFrameConstructor::ContentAppended) allows remote code execution when JavaScript is enabled. The flaw occurs due to incorrect index tracking during appendChild operations and multiple frame creation, enabling attackers to corrupt heap memory and achieve arbitrary code execution. This vulnerability affects Firefox 3.5.x–3.5.14 and 3.6.x–3.6.11, Thunderbird 3.0.x–3.0.9 and 3.1.x before 3.1.6, and SeaMonkey 2.x before 2.0.10.

Summary generated and translated by AI from the official description.
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found7
cve_referencewww.exploit-db.com/exploits/15341unverifiedcve_referencewww.exploit-db.com/exploits/15342unverifiedcve_referencewww.exploit-db.com/exploits/15352unverifiedexploitdbwww.exploit-db.com/exploits/15341unverifiedexploitdbwww.exploit-db.com/exploits/15342unverifiedexploitdbwww.exploit-db.com/exploits/16509unverifiedexploitdbwww.exploit-db.com/exploits/15352unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxhttp://isc.sans.edu/diary.html?storyid=9817http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.htmlhttp://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitterhttps://bugzilla.mozilla.org/show_bug.cgi?id=607222https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53https://bugzilla.redhat.com/show_bug.cgi?id=646997http://secunia.com/advisories/41761