Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-3765

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Oct, 2010 | 22:00
Updated At-22 Oct, 2025 | 00:05
Rejected At-
Credits

Mozilla Multiple Products Remote Code Execution Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Mozilla CorporationMozilla
Product:Multiple Products
Added At:06 Oct, 2025
Due At:27 Oct, 2025

Mozilla Multiple Products Remote Code Execution Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.

Used in Ransomware

:

Unknown

CWE

:
N/A

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes:

https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Oct, 2010 | 22:00
Updated At:22 Oct, 2025 | 00:05
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/44425
vdb-entry
x_refsource_BID
https://rhn.redhat.com/errata/RHSA-2010-0812.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
x_refsource_MISC
http://www.vupen.com/english/advisories/2010/2837
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=646997
x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100114335
x_refsource_CONFIRM
http://secunia.com/advisories/41965
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/41975
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-0896.html
vendor-advisory
x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-0808.html
vendor-advisory
x_refsource_REDHAT
http://www.exploit-db.com/exploits/15341
exploit
x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id?1024651
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/41761
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
vendor-advisory
x_refsource_FEDORA
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
x_refsource_MISC
http://secunia.com/advisories/41969
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1011-3
vendor-advisory
x_refsource_UBUNTU
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
x_refsource_CONFIRM
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
x_refsource_MISC
http://www.ubuntu.com/usn/usn-1011-1
vendor-advisory
x_refsource_UBUNTU
http://www.securitytracker.com/id?1024650
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1011-2
vendor-advisory
x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2010-0809.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/42867
third-party-advisory
x_refsource_SECUNIA
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/2857
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0061
vdb-entry
x_refsource_VUPEN
http://support.avaya.com/css/P8/documents/100114329
x_refsource_CONFIRM
http://www.debian.org/security/2010/dsa-2124
vendor-advisory
x_refsource_DEBIAN
http://www.securitytracker.com/id?1024645
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/42043
third-party-advisory
x_refsource_SECUNIA
http://www.norman.com/security_center/virus_description_archive/129146/
x_refsource_MISC
http://secunia.com/advisories/41966
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/42008
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
vendor-advisory
x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
vendor-advisory
x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2010/2871
vdb-entry
x_refsource_VUPEN
http://isc.sans.edu/diary.html?storyid=9817
x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2010-0810.html
vendor-advisory
x_refsource_REDHAT
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
x_refsource_CONFIRM
http://www.exploit-db.com/exploits/15352
exploit
x_refsource_EXPLOIT-DB
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/42003
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
vendor-advisory
x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2010-0861.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
vendor-advisory
x_refsource_FEDORA
http://www.exploit-db.com/exploits/15342
exploit
x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2010/2864
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/44425
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/41965
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/41975
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.exploit-db.com/exploits/15341
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securitytracker.com/id?1024651
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/41761
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/41969
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Resource:
x_refsource_MISC
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securitytracker.com/id?1024650
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/42867
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securitytracker.com/id?1024645
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/42043
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/41966
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/42008
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Resource:
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.exploit-db.com/exploits/15352
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/42003
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.exploit-db.com/exploits/15342
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/44425
vdb-entry
x_refsource_BID
x_transferred
https://rhn.redhat.com/errata/RHSA-2010-0812.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2010/2837
vdb-entry
x_refsource_VUPEN
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=646997
x_refsource_CONFIRM
x_transferred
http://support.avaya.com/css/P8/documents/100114335
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/41965
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/41975
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0896.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0808.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.exploit-db.com/exploits/15341
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securitytracker.com/id?1024651
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/41761
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
x_refsource_MISC
x_transferred
http://secunia.com/advisories/41969
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-1011-3
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
x_refsource_CONFIRM
x_transferred
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
x_refsource_MISC
x_transferred
http://www.ubuntu.com/usn/usn-1011-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securitytracker.com/id?1024650
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-1011-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0809.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/42867
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/2857
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0061
vdb-entry
x_refsource_VUPEN
x_transferred
http://support.avaya.com/css/P8/documents/100114329
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2010/dsa-2124
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securitytracker.com/id?1024645
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/42043
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.norman.com/security_center/virus_description_archive/129146/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/41966
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/42008
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.vupen.com/english/advisories/2010/2871
vdb-entry
x_refsource_VUPEN
x_transferred
http://isc.sans.edu/diary.html?storyid=9817
x_refsource_MISC
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0810.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
x_refsource_CONFIRM
x_transferred
http://www.exploit-db.com/exploits/15352
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/42003
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0861.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.exploit-db.com/exploits/15342
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.vupen.com/english/advisories/2010/2864
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/44425
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/41965
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/41975
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/15341
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024651
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/41761
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/41969
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024650
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/42867
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024645
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/42043
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/41966
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/42008
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/15352
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/42003
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/15342
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2025-10-06
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2010-3765 added to CISA KEV2025-10-06 00:00:00
Event: CVE-2010-3765 added to CISA KEV
Date: 2025-10-06 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
Resource:
government-resource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Oct, 2010 | 00:00
Updated At:22 Oct, 2025 | 01:15

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2025-10-062025-10-27Mozilla Multiple Products Remote Code Execution VulnerabilityApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Date Added: 2025-10-06
Due Date: 2025-10-27
Vulnerability Name: Mozilla Multiple Products Remote Code Execution Vulnerability
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>3.5
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.1
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.2
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.3
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.4
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.5
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.6
cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.7
cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.8
cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.9
cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.10
cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.11
cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.12
cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.13
cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.14
cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6
cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.2
cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.3
cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.4
cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.6
cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.7
cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.8
cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.9
cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.10
cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.11
cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.1
cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.2
cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.3
cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.4
cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.5
cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.6
cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.7
cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.8
cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.9
cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.1
cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.2
cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.3
cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.4
cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.5
cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0.1
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0.2
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0.3
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-119Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/cve@mitre.org
Vendor Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxcve@mitre.org
N/A
http://isc.sans.edu/diary.html?storyid=9817cve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.htmlcve@mitre.org
N/A
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twittercve@mitre.org
N/A
http://secunia.com/advisories/41761cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41965cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41966cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41969cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41975cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42003cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42008cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42043cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42867cve@mitre.org
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706cve@mitre.org
N/A
http://support.avaya.com/css/P8/documents/100114329cve@mitre.org
N/A
http://support.avaya.com/css/P8/documents/100114335cve@mitre.org
N/A
http://www.debian.org/security/2010/dsa-2124cve@mitre.org
N/A
http://www.exploit-db.com/exploits/15341cve@mitre.org
Exploit
http://www.exploit-db.com/exploits/15342cve@mitre.org
Exploit
http://www.exploit-db.com/exploits/15352cve@mitre.org
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219cve@mitre.org
N/A
http://www.mozilla.org/security/announce/2010/mfsa2010-73.htmlcve@mitre.org
N/A
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/cve@mitre.org
N/A
http://www.norman.com/security_center/virus_description_archive/129146/cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0808.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0809.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0810.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0861.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0896.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/44425cve@mitre.org
N/A
http://www.securitytracker.com/id?1024645cve@mitre.org
N/A
http://www.securitytracker.com/id?1024650cve@mitre.org
N/A
http://www.securitytracker.com/id?1024651cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1011-2cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1011-3cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-1011-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/2837cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2857cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2864cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2871cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0061cve@mitre.org
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=607222cve@mitre.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=646997cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108cve@mitre.org
N/A
https://rhn.redhat.com/errata/RHSA-2010-0812.htmlcve@mitre.org
N/A
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxaf854a3a-2127-422b-91ae-364da2661108
N/A
http://isc.sans.edu/diary.html?storyid=9817af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitteraf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/41761af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41965af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41966af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41969af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41975af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42003af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42008af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42043af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42867af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/css/P8/documents/100114329af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/css/P8/documents/100114335af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2010/dsa-2124af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.exploit-db.com/exploits/15341af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.exploit-db.com/exploits/15342af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.exploit-db.com/exploits/15352af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2010/mfsa2010-73.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.norman.com/security_center/virus_description_archive/129146/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0808.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0809.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0810.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0861.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0896.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/44425af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024645af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024650af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024651af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1011-2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1011-3af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-1011-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/2837af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2857af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2864af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2871af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0061af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=607222af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=646997af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108af854a3a-2127-422b-91ae-364da2661108
N/A
https://rhn.redhat.com/errata/RHSA-2010-0812.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/41761
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41965
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41966
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41969
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41975
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42003
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42008
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42043
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42867
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/15341
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15342
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15352
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/44425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024645
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024650
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024651
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/41761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41965
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41966
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41969
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41975
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42003
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42008
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42043
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42867
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/15341
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15342
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15352
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/44425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024645
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024651
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3844Records found
CVE-2018-5127
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-20.18% / 95.35%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5090
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.03% / 83.45%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5177
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.28%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5187
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.34% / 84.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/Linux
Product-firefoxthunderbirddebian_linuxubuntu_linuxThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5151
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.72% / 87.71%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5186
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.70% / 81.97%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5094
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-35.43% / 96.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5126
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 83.51%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5093
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-35.43% / 96.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5125
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 77.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5188
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.03% / 86.34%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5150
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.92% / 88.03%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusthunderbird_esrfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdThunderbird ESRFirefoxFirefox ESR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5178
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-18.16% / 95.03%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbird_esrthunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbird ESRFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-6436
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.08% / 23.19%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 12:28
Updated-13 Nov, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox 140 and Thunderbird 140

Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-18502
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.50% / 88.87%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7779
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.62%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-18501
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.63% / 89.04%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxthunderbirddebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-18503
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.30% / 84.42%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-18493
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.30% / 95.96%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-3864
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-1.07% / 77.32%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 15:14
Updated-01 Apr, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxdebian_linuxThunderbirdFirefoxFirefox ESRfirefoxthunderbirdfirefox_esr
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0444
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.57% / 92.21%
||
7 Day CHG~0.00%
Published-01 Feb, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

Action-Not Available
Vendor-n/aMozilla CorporationSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-ubuntu_linuxdebian_linuxopensuselinux_enterprise_software_development_kitfirefoxlinux_enterprise_serverthunderbirdlinux_enterprise_desktopseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0441
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.58% / 87.47%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrseamonkeythunderbirdfirefoxnetwork_security_servicesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5290
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.78%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-thunderbirddebian_linuxfirefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5256
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.71% / 82.00%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5289
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.81% / 82.50%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1969
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 64.11%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla Corporation
Product-graphite2firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2801
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.90%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2791
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.90%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2814
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.14% / 83.85%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2797
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.82%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2792
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.90%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2798
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.90%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2805
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.59%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2806
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.78% / 82.36%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEDebian GNU/Linux
Product-leapopensusefirefoxdebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2818
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.06%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSERed Hat, Inc.Debian GNU/LinuxNovellCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_eusfirefoxenterprise_linux_server_eusenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_little_endiansuse_linux_enterprise_desktopdebian_linuxenterprise_linux_for_power_big_endianenterprise_linux_server_ausenterprise_linux_for_ibm_z_systemsleapopensuseenterprise_linux_desktopubuntu_linuxsuse_linux_enterprise_serverenterprise_linux_for_scientific_computingsuse_package_hub_for_suse_linux_enterpriseenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2837
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 60.03%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1526
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-0.76% / 72.90%
||
7 Day CHG~0.00%
Published-13 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationFedora ProjectDebian GNU/Linux
Product-fedorafirefoxgraphite2thunderbirddebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1944
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.83% / 85.86%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-leapfirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1931
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-2.54% / 85.14%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-leapfirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1950
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.75%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEApple Inc.Oracle Corporation
Product-iplanet_web_proxy_serveriplanet_web_serverfirefoxopensusewatchosvm_servernetwork_security_serviceslinuxiphone_osmac_os_xtvosglassfish_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1977
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.60%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1974
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 65.17%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusethunderbirdlinuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1957
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.29%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSENovell
Product-leapopensusefirefoxsuse_package_hub_for_suse_linux_enterprisethunderbirdlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1970
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.90%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-windowsfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1959
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.89% / 75.18%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7175
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.71%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7202
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.91% / 82.97%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-fedoraleapfirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7198
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.87% / 87.96%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7189
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.50% / 87.33%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-7178
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.95%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-windowsfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 10
  • 11
  • 12
  • ...
  • 76
  • 77
  • Next
Details not found