Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2010-3765
PUBLISHED
5697 days faster than CISA KEV
- Vendor: Mozilla
- Product: Firefox, Thunderbird, SeaMonkey
- Published: Oct 27, 2010
- EPSS: 86.8% (99th percentile)
Description
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Weaknesses (CWE)
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS scores
- CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVSS v2: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2010-10-27 22:00:00 UTC · CVE
Proof of concept available
Recorded 2025-04-28 15:02:40 UTC
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2010-10-27 22:00 UTC |
| CISA | 2026-06-02 14:05 UTC |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_interleaved_write.rb | Apr 28, 2025 |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Proof of Concept Exploit Available
- Detected by Metasploit
- KEV confirmed by CISA