Remote code execution in Mozilla Firefox

Published: 2010-10-27 14:21:10 | Updated: 2017-02-01
Severity Critical
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2010-3765
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software Mozilla Firefox
Mozilla Thunderbird
Vulnerable software versions Mozilla Firefox 3.5
Mozilla Firefox 3.5.14
Mozilla Firefox 3.5.13

Show more

SeaMonkey 2.0
SeaMonkey 2.0.9
SeaMonkey 2.0.8

Show more

Mozilla Thunderbird 3.0
Mozilla Thunderbird 3.0.9
Mozilla Thunderbird 3.0.8

Show more

Vendor URL Mozilla

Security Advisory

1) Heap-based buffer overflow


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error within nsCSSFrameConstructor::ContentAppended. A remote attacker can create a specially crafted web page containing specially crafted document.write and appendChild calls, cause heap-based buffer overflow and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability is being actively exploited.


Install the following software versions:

  • Firefox 3.5.15
  • Firefox 3.6.12
  • SeaMonkey 2.0.10
  • Thunderbird 3.0.10
  • Thunderbird 3.1.6

External links

Back to List