CVE-2010-3765

Priority
Description
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird
3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before
2.0.10, when JavaScript is enabled, allows remote attackers to execute
arbitrary code via vectors related to
nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect
index tracking, and the creation of multiple frames, which triggers memory
corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Assigned-to
chriscoulson, jdstrand
Notes
jdstrand0-day exploit in wild for Windows. Presumed that other platforms
will follow soon. It is unclear if compiler and kernel protections will
protect against this, and upstream considers this extremely serious.
Package
Upstream:released (3.6.12)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:released (2.0.10)
Package
Priority: Medium
Upstream:released (3.0.10, 3.1.6)
Package
Upstream:released (1.9.2.12)
More Information

Updated: 2019-12-05 20:55:47 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)