CVE-2010-3765

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score81.0820%

EPSS Percentile91.94th

Published2010年10月28日

Last Modified2026年4月22日

Vulnerability Description

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Affected Platforms (CPE)

📦

Mozilla

Firefox

= 3.5

📦

Mozilla

Firefox

= 3.5.1

📦

Mozilla

Firefox

= 3.5.2

📦

Mozilla

Firefox

= 3.5.3

📦

Mozilla

Firefox

= 3.5.4

📦

Mozilla

Firefox

= 3.5.5

📦

Mozilla

Firefox

= 3.5.6

📦

Mozilla

Firefox

= 3.5.7

📦

Mozilla

Firefox

= 3.5.8

📦

Mozilla

Firefox

= 3.5.9

📦

Mozilla

Firefox

= 3.5.10

📦

Mozilla

Firefox

= 3.5.11

📦

Mozilla

Firefox

= 3.5.12

📦

Mozilla

Firefox

= 3.5.13

📦

Mozilla

Firefox

= 3.5.14

📦

Mozilla

Firefox

= 3.6

📦

Mozilla

Firefox

= 3.6.2

📦

Mozilla

Firefox

= 3.6.3

📦

Mozilla

Firefox

= 3.6.4

📦

Mozilla

Firefox

= 3.6.6

📦

Mozilla

Firefox

= 3.6.7

📦

Mozilla

Firefox

= 3.6.8

📦

Mozilla

Firefox

= 3.6.9

📦

Mozilla

Firefox

= 3.6.10

📦

Mozilla

Firefox

= 3.6.11

📦

Mozilla

Thunderbird

= 3.0.1

📦

Mozilla

Thunderbird

= 3.0.2

📦

Mozilla

Thunderbird

= 3.0.3

📦

Mozilla

Thunderbird

= 3.0.4

📦

Mozilla

Thunderbird

= 3.0.5

📦

Mozilla

Thunderbird

= 3.0.6

📦

Mozilla

Thunderbird

= 3.0.7

📦

Mozilla

Thunderbird

= 3.0.8

📦

Mozilla

Thunderbird

= 3.0.9

📦

Mozilla

Thunderbird

= 3.1.1

📦

Mozilla

Thunderbird

= 3.1.2

📦

Mozilla

Thunderbird

= 3.1.3

📦

Mozilla

Thunderbird

= 3.1.4

📦

Mozilla

Thunderbird

= 3.1.5

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0

📦

Mozilla

Seamonkey

= 2.0.1

📦

Mozilla

Seamonkey

= 2.0.2

📦

Mozilla

Seamonkey

= 2.0.3

📦

Mozilla

Seamonkey

= 2.0.4

📦

Mozilla

Seamonkey

= 2.0.5

📦

Mozilla

Seamonkey

= 2.0.6

📦

Mozilla

Seamonkey

= 2.0.7

📦

Mozilla

Seamonkey

= 2.0.8

📦

Mozilla

Seamonkey

= 2.0.9

References & Advisories

🔗 http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/

🔗 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

🔗 http://isc.sans.edu/diary.html?storyid=9817

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html

🔗 http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter

Vulnerability Description

Affected Platforms (CPE)

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

Seamonkey

References & Advisories

関連する脆弱性情報