CVE-2010-3765
critical-risk
Published 2010-10-28
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Do I need to act?
!
87.2% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (103)
Vendor Advisory
http://secunia.com/advisories/41761
Vendor Advisory
http://secunia.com/advisories/41965
Vendor Advisory
http://secunia.com/advisories/41966
Vendor Advisory
http://secunia.com/advisories/41969
Vendor Advisory
http://secunia.com/advisories/41975
Vendor Advisory
http://secunia.com/advisories/42003
Vendor Advisory
http://secunia.com/advisories/42008
Vendor Advisory
http://secunia.com/advisories/42043
Vendor Advisory
http://secunia.com/advisories/42867
and 83 more references
Get this data via API
curl -H "Authorization: Bearer YOUR_KEY" \
https://cyber.phasetransitions.ai/api/v1/cves/CVE-2010-3765
Free tier: 100 requests/day, no credit card.
92
/ 100
critical-risk
Severity
32/34 · Critical
Exploitability
34/34 · Critical
Exposure
26/34 · High