1
PublicDateAtUSN: 2010-10-27
2
Candidate: CVE-2010-3765
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765
6
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
7
https://usn.ubuntu.com/usn/usn-1011-1
8
https://usn.ubuntu.com/usn/usn-1011-2
9
https://usn.ubuntu.com/usn/usn-1011-3
11
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird
12
3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before
13
2.0.10, when JavaScript is enabled, allows remote attackers to execute
14
arbitrary code via vectors related to
15
nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect
16
index tracking, and the creation of multiple frames, which triggers memory
17
corruption, as exploited in the wild in October 2010 by the Belmoo malware.
20
jdstrand> 0-day exploit in wild for Windows. Presumed that other platforms
21
will follow soon. It is unclear if compiler and kernel protections will
22
protect against this, and upstream considers this extremely serious.
25
Discovered-by: Morten Krakvik
26
Assigned-to: chriscoulson, jdstrand
29
upstream_firefox: released (3.6.12)
30
dapper_firefox: ignored (reached end-of-life)
31
hardy_firefox: ignored (uses system xulrunner)
33
lucid_firefox: released (3.6.12+build1+nobinonly-0ubuntu0.10.04.1)
34
maverick_firefox: released (3.6.12+build1+nobinonly-0ubuntu0.10.10.1)
35
devel_firefox: released (3.6.12+build1+nobinonly-0ubuntu0.10.10.1)
38
upstream_firefox-3.0: needs-triage (Ubuntu source uses 3.6.x)
39
dapper_firefox-3.0: DNE
40
hardy_firefox-3.0: released (3.6.12+build1+nobinonly-0ubuntu0.8.04.1)
41
karmic_firefox-3.0: DNE
42
lucid_firefox-3.0: DNE
43
maverick_firefox-3.0: DNE
44
devel_firefox-3.0: DNE
47
upstream_firefox-3.5: needs-triage (Ubuntu source uses 3.6.x)
48
dapper_firefox-3.5: DNE
49
hardy_firefox-3.5: DNE
50
karmic_firefox-3.5: released (3.6.12+build1+nobinonly-0ubuntu0.9.10.1)
51
lucid_firefox-3.5: DNE
52
maverick_firefox-3.5: DNE
53
devel_firefox-3.5: DNE
56
Patches_xulrunner-1.9.2:
57
upstream_xulrunner-1.9.2: released (1.9.2.12)
58
dapper_xulrunner-1.9.2: DNE
59
hardy_xulrunner-1.9.2: released (1.9.2.12+build1+nobinonly-0ubuntu0.8.04.1)
60
karmic_xulrunner-1.9.2: released (1.9.2.12+build1+nobinonly-0ubuntu0.9.10.1)
61
lucid_xulrunner-1.9.2: released (1.9.2.12+build1+nobinonly-0ubuntu0.10.04.1)
62
maverick_xulrunner-1.9.2: released (1.9.2.12+build1+nobinonly-0ubuntu0.10.10.1)
63
devel_xulrunner-1.9.2: released (1.9.2.12+build1+nobinonly-0ubuntu0.10.10.1)
67
upstream_seamonkey: released (2.0.10)
69
hardy_seamonkey: released (2.0.10+build1+nobinonly-0ubuntu0.8.04.1)
70
karmic_seamonkey: released (2.0.10+build1+nobinonly-0ubuntu0.9.10.1)
71
lucid_seamonkey: released (2.0.10+build1+nobinonly-0ubuntu0.10.04.1)
72
maverick_seamonkey: released (2.0.10+build1+nobinonly-0ubuntu0.10.10.1)
73
devel_seamonkey: released (2.0.10+build1+nobinonly-0ubuntu0.10.10.1)
77
Priority_thunderbird: medium
78
upstream_thunderbird: released (3.0.10, 3.1.6)
79
dapper_thunderbird: DNE
80
hardy_thunderbird: released (2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2)
81
karmic_thunderbird: released (2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3)
82
lucid_thunderbird: released (3.0.10+build1+nobinonly-0ubuntu0.10.04.1)
83
maverick_thunderbird: released (3.1.6+build1+nobinonly-0ubuntu0.10.10.1)
84
devel_thunderbird: released (3.1.6+build1+nobinonly-0ubuntu0.10.10.1)