CVE-2010-3765

Description

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	10.10 maverick	Fixed 3.6.12+build1+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 3.6.12+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Not in release
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life
firefox-3.0	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Fixed 3.6.12+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
firefox-3.5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Fixed 3.6.12+build1+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
seamonkey	10.10 maverick	Fixed 2.0.10+build1+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 2.0.10+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 2.0.10+build1+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 2.0.10+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
thunderbird	10.10 maverick	Fixed 3.1.6+build1+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 3.0.10+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3
	8.04 LTS hardy	Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2
	6.06 LTS dapper	Not in release
xulrunner-1.9.2	10.10 maverick	Fixed 1.9.2.12+build1+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 1.9.2.12+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 1.9.2.12+build1+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 1.9.2.12+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release

Notes

jdstrand

0-day exploit in wild for Windows. Presumed that other platforms will follow soon. It is unclear if compiler and kernel protections will protect against this, and upstream considers this extremely serious.

Severity score breakdown

Parameter	Value
Base score	9.8 · Critical
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-1011-1
Firefox vulnerability
28 October 2010

USN-1011-3
Xulrunner vulnerability
29 October 2010

USN-1011-2
Thunderbird vulnerability
28 October 2010

Cvss 3 Severity Score