Vulnerability Details : CVE-2010-3765
Public exploit exists!
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Vulnerability category: OverflowMemory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-3765
Probability of exploitation activity in the next 30 days: 97.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-3765
-
Mozilla Firefox Interleaved document.write/appendChild Memory Corruption
Disclosure Date: 2010-10-25First seen: 2020-04-26exploit/windows/browser/mozilla_interleaved_writeThis module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This module was written based on a live exploit found in the wild. Authors: - unknown - scriptjunkie
CVSS scores for CVE-2010-3765
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-3765
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3765
-
http://www.exploit-db.com/exploits/15341
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service - Multiple dos ExploitExploit
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
mandriva.com
-
http://support.avaya.com/css/P8/documents/100114335
ASA-2010-312 (RHSA-2010-0810)
-
http://www.redhat.com/support/errata/RHSA-2010-0810.html
Support
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
[SECURITY] Fedora 13 Update: firefox-3.6.12-1.fc13
-
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Critical vulnerability in Firefox 3.5 and Firefox 3.6 | Mozilla Security BlogVendor Advisory
-
http://www.exploit-db.com/exploits/15342
Mozilla Firefox - Simplified Memory Corruption (PoC) - Multiple dos ExploitExploit
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
The Slackware Linux Project: Slackware Security Advisories
-
http://www.norman.com/security_center/virus_description_archive/129146/
404 Page Not Found
-
http://www.vupen.com/english/advisories/2010/2864
Webmail | OVH- OVHVendor Advisory
-
http://www.securityfocus.com/bid/44425
Mozilla Firefox 3.5/3.6 Remote Heap Buffer Overflow Vulnerability
-
http://www.redhat.com/support/errata/RHSA-2010-0809.html
Support
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
[SECURITY] Fedora 14 Update: galeon-2.0.7-35.fc14.1
-
http://www.ubuntu.com/usn/USN-1011-2
USN-1011-2: Thunderbird vulnerability | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-1011-3
USN-1011-3: Xulrunner vulnerability | Ubuntu security notices
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
mandriva.com
-
http://www.redhat.com/support/errata/RHSA-2010-0861.html
Support
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
[SECURITY] Fedora 14 Update: seamonkey-2.0.10-1.fc14
-
http://www.redhat.com/support/errata/RHSA-2010-0808.html
Support
-
http://isc.sans.edu/diary.html?storyid=9817
InfoSec Handlers Diary Blog - Firefox news
-
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Heap buffer overflow mixing document.write and DOM insertion — Mozilla
-
http://www.vupen.com/english/advisories/2010/2837
Webmail | OVH- OVHVendor Advisory
-
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
404 Page Not Found
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Repository / Oval Repository
-
http://www.vupen.com/english/advisories/2011/0061
Webmail | OVH- OVHVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
607222 - (CVE-2010-3765) Interleaving document.write and appendChild can lead to duplicate text frames and overrunning of text run buffers
-
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
607222 - (CVE-2010-3765) Interleaving document.write and appendChild can lead to duplicate text frames and overrunning of text run buffers
-
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
404 Page Not Found
-
http://www.vupen.com/english/advisories/2010/2857
Webmail | OVH- OVHVendor Advisory
-
http://www.vupen.com/english/advisories/2010/2871
Webmail | OVH- OVHVendor Advisory
-
https://rhn.redhat.com/errata/RHSA-2010-0812.html
RHSA-2010:0812 - Security Advisory - Red Hat Customer Portal
-
http://www.debian.org/security/2010/dsa-2124
Debian -- Security Information -- DSA-2124-1 xulrunner
-
http://support.avaya.com/css/P8/documents/100114329
ASA-2010-311 (RHSA-2010-0808)
-
https://bugzilla.redhat.com/show_bug.cgi?id=646997
646997 – (CVE-2010-3765) CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
-
http://www.securitytracker.com/id?1024651
Mozilla Thunderbird Heap Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.redhat.com/support/errata/RHSA-2010-0896.html
Support
-
http://www.securitytracker.com/id?1024645
Mozilla Firefox Heap Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.exploit-db.com/exploits/15352
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Remote Overflow - Windows remote ExploitExploit
-
http://www.securitytracker.com/id?1024650
Mozilla Seamonkey Heap Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.ubuntu.com/usn/usn-1011-1
USN-1011-1: Firefox vulnerability | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
[SECURITY] Fedora 12 Update: galeon-2.0.7-27.fc12
Products affected by CVE-2010-3765
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*