Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-3765

Disclosure Date: October 28, 2010
CVE-2010-3765
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
exploit/windows/browser/mozilla_interleaved_write
Reporter
Unknown

References

Canonical
CVE-2010-3765 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765)
BID-44425 (http://www.securityfocus.com/bid/44425)
Advisory
https://rhn.redhat.com/errata/RHSA-2010-0812.html
ADV-2010-2837 (http://www.vupen.com/english/advisories/2010/2837)
https://bugzilla.redhat.com/show_bug.cgi?id=646997
http://support.avaya.com/css/P8/documents/100114335
SECUNIA-41965 (http://secunia.com/advisories/41965)
SECUNIA-41975 (http://secunia.com/advisories/41975)
http://www.redhat.com/support/errata/RHSA-2010-0896.html
http://www.redhat.com/support/errata/RHSA-2010-0808.html
EXPLOIT-DB-15341 (http://www.exploit-db.com/exploits/15341)
SECTRACK-1024651 (http://www.securitytracker.com/id?1024651)
SECUNIA-41761 (http://secunia.com/advisories/41761)
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
FEDORA-2010-17105 (http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html)
SECUNIA-41969 (http://secunia.com/advisories/41969)
USN-1011-3 (http://www.ubuntu.com/usn/USN-1011-3)
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
USN-1011-1 (http://www.ubuntu.com/usn/usn-1011-1)
SECTRACK-1024650 (http://www.securitytracker.com/id?1024650)
USN-1011-2 (http://www.ubuntu.com/usn/USN-1011-2)
http://www.redhat.com/support/errata/RHSA-2010-0809.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
SECUNIA-42867 (http://secunia.com/advisories/42867)
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6
ADV-2010-2857 (http://www.vupen.com/english/advisories/2010/2857)
ADV-2011-0061 (http://www.vupen.com/english/advisories/2011/0061)
http://support.avaya.com/css/P8/documents/100114329
DSA-2124 (http://www.debian.org/security/2010/dsa-2124)
SECTRACK-1024645 (http://www.securitytracker.com/id?1024645)
SECUNIA-42043 (http://secunia.com/advisories/42043)
SECUNIA-41966 (http://secunia.com/advisories/41966)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
SECUNIA-42008 (http://secunia.com/advisories/42008)
FEDORA-2010-16883 (http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html)
ADV-2010-2871 (http://www.vupen.com/english/advisories/2010/2871)
http://www.redhat.com/support/errata/RHSA-2010-0810.html
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
EXPLOIT-DB-15352 (http://www.exploit-db.com/exploits/15352)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
SECUNIA-42003 (http://secunia.com/advisories/42003)
FEDORA-2010-16897 (http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html)
http://www.redhat.com/support/errata/RHSA-2010-0861.html
FEDORA-2010-16885 (http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html)
EXPLOIT-DB-15342 (http://www.exploit-db.com/exploits/15342)
ADV-2010-2864 (http://www.vupen.com/english/advisories/2010/2864)
Miscellaneous
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
http://www.norman.com/about_norman/press_center/news_archive/2010/129223
http://www.norman.com/security_center/virus_description_archive/129146
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
http://isc.sans.edu/diary.html?storyid=9817

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis