PT-2010-5053 · Mozilla+2 · Seamonkey+4

Josh Bressers

·

Publicado

2010-10-27

·

Atualizado

2025-11-07

·

CVE-2010-3765

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.5.x through 3.5.14 Mozilla Firefox versions 3.6.x through 3.6.11 Thunderbird versions 3.0.x through 3.0.9 Thunderbird version 3.1.5 and earlier SeaMonkey versions 2.x before 2.0.10
Description The issue allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption. This was exploited in the wild in October 2010 by the Belmoo malware.
Recommendations For Mozilla Firefox versions 3.5.x through 3.5.14, update to a version later than 3.5.14. For Mozilla Firefox versions 3.6.x through 3.6.11, update to a version later than 3.6.11. For Thunderbird versions 3.0.x through 3.0.9, update to version 3.0.10 or later. For Thunderbird version 3.1.5 and earlier, update to version 3.1.6 or later. For SeaMonkey versions 2.x before 2.0.10, update to version 2.0.10 or later.

Exploit

Correção

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2010-3765
DSA-2124-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2010:0808
RHSA-2010:0809
RHSA-2010:0810
RHSA-2010:0812
RHSA-2010:0861
RHSA-2010:0896
RHSA-2010_0808
RHSA-2010_0809
RHSA-2010_0810
RHSA-2010_0812
RHSA-2010_0861
RHSA-2010_0896

Produtos afetados

Firefox
Red Hat
Seamonkey
Suse
Thunderbird