Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-3765

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Oct, 2010 | 22:00
Updated At-22 Oct, 2025 | 00:05
Rejected At-
Credits

Mozilla Multiple Products Remote Code Execution Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Mozilla CorporationMozilla
Product:Multiple Products
Added At:06 Oct, 2025
Due At:27 Oct, 2025

Mozilla Multiple Products Remote Code Execution Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.

Used in Ransomware

:

Unknown

CWE

:
N/A

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes:

https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Oct, 2010 | 22:00
Updated At:22 Oct, 2025 | 00:05
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/44425
vdb-entry
x_refsource_BID
https://rhn.redhat.com/errata/RHSA-2010-0812.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
x_refsource_MISC
http://www.vupen.com/english/advisories/2010/2837
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=646997
x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100114335
x_refsource_CONFIRM
http://secunia.com/advisories/41965
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/41975
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-0896.html
vendor-advisory
x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-0808.html
vendor-advisory
x_refsource_REDHAT
http://www.exploit-db.com/exploits/15341
exploit
x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id?1024651
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/41761
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
vendor-advisory
x_refsource_FEDORA
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
x_refsource_MISC
http://secunia.com/advisories/41969
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1011-3
vendor-advisory
x_refsource_UBUNTU
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
x_refsource_CONFIRM
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
x_refsource_MISC
http://www.ubuntu.com/usn/usn-1011-1
vendor-advisory
x_refsource_UBUNTU
http://www.securitytracker.com/id?1024650
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1011-2
vendor-advisory
x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2010-0809.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/42867
third-party-advisory
x_refsource_SECUNIA
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/2857
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0061
vdb-entry
x_refsource_VUPEN
http://support.avaya.com/css/P8/documents/100114329
x_refsource_CONFIRM
http://www.debian.org/security/2010/dsa-2124
vendor-advisory
x_refsource_DEBIAN
http://www.securitytracker.com/id?1024645
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/42043
third-party-advisory
x_refsource_SECUNIA
http://www.norman.com/security_center/virus_description_archive/129146/
x_refsource_MISC
http://secunia.com/advisories/41966
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/42008
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
vendor-advisory
x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
vendor-advisory
x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2010/2871
vdb-entry
x_refsource_VUPEN
http://isc.sans.edu/diary.html?storyid=9817
x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2010-0810.html
vendor-advisory
x_refsource_REDHAT
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
x_refsource_CONFIRM
http://www.exploit-db.com/exploits/15352
exploit
x_refsource_EXPLOIT-DB
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/42003
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
vendor-advisory
x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2010-0861.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
vendor-advisory
x_refsource_FEDORA
http://www.exploit-db.com/exploits/15342
exploit
x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2010/2864
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/44425
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/41965
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/41975
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.exploit-db.com/exploits/15341
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securitytracker.com/id?1024651
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/41761
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/41969
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Resource:
x_refsource_MISC
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securitytracker.com/id?1024650
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/42867
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securitytracker.com/id?1024645
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/42043
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/41966
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/42008
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Resource:
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.exploit-db.com/exploits/15352
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/42003
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.exploit-db.com/exploits/15342
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/44425
vdb-entry
x_refsource_BID
x_transferred
https://rhn.redhat.com/errata/RHSA-2010-0812.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2010/2837
vdb-entry
x_refsource_VUPEN
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=646997
x_refsource_CONFIRM
x_transferred
http://support.avaya.com/css/P8/documents/100114335
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/41965
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/41975
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0896.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0808.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.exploit-db.com/exploits/15341
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securitytracker.com/id?1024651
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/41761
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=607222
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
x_refsource_MISC
x_transferred
http://secunia.com/advisories/41969
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-1011-3
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
x_refsource_CONFIRM
x_transferred
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
x_refsource_MISC
x_transferred
http://www.ubuntu.com/usn/usn-1011-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securitytracker.com/id?1024650
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-1011-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0809.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/42867
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/2857
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0061
vdb-entry
x_refsource_VUPEN
x_transferred
http://support.avaya.com/css/P8/documents/100114329
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2010/dsa-2124
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securitytracker.com/id?1024645
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/42043
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.norman.com/security_center/virus_description_archive/129146/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/41966
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/42008
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.vupen.com/english/advisories/2010/2871
vdb-entry
x_refsource_VUPEN
x_transferred
http://isc.sans.edu/diary.html?storyid=9817
x_refsource_MISC
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0810.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
x_refsource_CONFIRM
x_transferred
http://www.exploit-db.com/exploits/15352
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/42003
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0861.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.exploit-db.com/exploits/15342
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.vupen.com/english/advisories/2010/2864
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/44425
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/41965
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/41975
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/15341
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024651
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/41761
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/41969
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024650
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/42867
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024645
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/42043
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/41966
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/42008
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/15352
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/42003
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/15342
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2025-10-06
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2010-3765 added to CISA KEV2025-10-06 00:00:00
Event: CVE-2010-3765 added to CISA KEV
Date: 2025-10-06 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
Resource:
government-resource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Oct, 2010 | 00:00
Updated At:22 Oct, 2025 | 01:15

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2025-10-062025-10-27Mozilla Multiple Products Remote Code Execution VulnerabilityApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Date Added: 2025-10-06
Due Date: 2025-10-27
Vulnerability Name: Mozilla Multiple Products Remote Code Execution Vulnerability
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>3.5
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.1
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.2
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.3
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.4
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.5
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.6
cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.7
cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.8
cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.9
cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.10
cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.11
cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.12
cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.13
cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.5.14
cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6
cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.2
cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.3
cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.4
cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.6
cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.7
cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.8
cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.9
cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.10
cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>3.6.11
cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.1
cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.2
cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.3
cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.4
cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.5
cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.6
cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.7
cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.8
cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.0.9
cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.1
cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.2
cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.3
cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.4
cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>3.1.5
cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0.1
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0.2
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0.3
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-119Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/cve@mitre.org
Vendor Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxcve@mitre.org
N/A
http://isc.sans.edu/diary.html?storyid=9817cve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.htmlcve@mitre.org
N/A
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twittercve@mitre.org
N/A
http://secunia.com/advisories/41761cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41965cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41966cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41969cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41975cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42003cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42008cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42043cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/42867cve@mitre.org
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706cve@mitre.org
N/A
http://support.avaya.com/css/P8/documents/100114329cve@mitre.org
N/A
http://support.avaya.com/css/P8/documents/100114335cve@mitre.org
N/A
http://www.debian.org/security/2010/dsa-2124cve@mitre.org
N/A
http://www.exploit-db.com/exploits/15341cve@mitre.org
Exploit
http://www.exploit-db.com/exploits/15342cve@mitre.org
Exploit
http://www.exploit-db.com/exploits/15352cve@mitre.org
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219cve@mitre.org
N/A
http://www.mozilla.org/security/announce/2010/mfsa2010-73.htmlcve@mitre.org
N/A
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/cve@mitre.org
N/A
http://www.norman.com/security_center/virus_description_archive/129146/cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0808.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0809.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0810.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0861.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0896.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/44425cve@mitre.org
N/A
http://www.securitytracker.com/id?1024645cve@mitre.org
N/A
http://www.securitytracker.com/id?1024650cve@mitre.org
N/A
http://www.securitytracker.com/id?1024651cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1011-2cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1011-3cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-1011-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/2837cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2857cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2864cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2871cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0061cve@mitre.org
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=607222cve@mitre.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=646997cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108cve@mitre.org
N/A
https://rhn.redhat.com/errata/RHSA-2010-0812.htmlcve@mitre.org
N/A
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxaf854a3a-2127-422b-91ae-364da2661108
N/A
http://isc.sans.edu/diary.html?storyid=9817af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitteraf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/41761af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41965af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41966af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41969af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41975af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42003af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42008af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42043af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42867af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/css/P8/documents/100114329af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/css/P8/documents/100114335af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2010/dsa-2124af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.exploit-db.com/exploits/15341af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.exploit-db.com/exploits/15342af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.exploit-db.com/exploits/15352af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2010/mfsa2010-73.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.norman.com/security_center/virus_description_archive/129146/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0808.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0809.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0810.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0861.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0896.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/44425af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024645af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024650af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024651af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1011-2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1011-3af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-1011-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/2837af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2857af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2864af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2871af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0061af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=607222af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=646997af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108af854a3a-2127-422b-91ae-364da2661108
N/A
https://rhn.redhat.com/errata/RHSA-2010-0812.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/41761
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41965
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41966
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41969
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41975
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42003
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42008
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42043
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42867
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/15341
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15342
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15352
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/44425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024645
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024650
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024651
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://isc.sans.edu/diary.html?storyid=9817
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/41761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41965
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41966
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41969
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41975
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42003
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42008
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42043
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42867
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114329
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/css/P8/documents/100114335
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2124
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/15341
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15342
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/15352
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/44425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024645
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024651
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1011-3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-1011-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2837
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2857
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2864
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2871
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0061
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3844Records found
CVE-2015-7176
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-5.71% / 90.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7221
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.48% / 80.70%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-leapfedorafirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7194
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 85.22%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7174
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.71%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7201
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.57% / 81.23%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-fedoraleapfirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7180
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.71%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7220
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.48% / 80.70%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-leapfedoraopensusefirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7182
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-21.71% / 95.60%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-openssoiplanet_web_proxy_serveriplanet_web_servertraffic_directorfirefoxnetwork_security_servicesglassfish_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7179
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 83.79%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-windowsfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4482
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.77%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-firefoxopensusesolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4486
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.67% / 81.78%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4514
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.91% / 88.02%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4513
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-4.25% / 88.54%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4517
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.71%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4521
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.71%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4489
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.20% / 84.10%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseubuntu_linuxfirefox_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2710
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.42% / 84.81%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

Action-Not Available
Vendor-n/aMozilla CorporationNovellopenSUSE
Product-firefoxopensusefirefox_esrsuse_linux_enterprise_serverthunderbirdsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2716
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-5.50% / 90.02%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSENovell
Product-thunderbirdsolarisfirefoxopensusefirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2739
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.05% / 77.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/LinuxNovellCanonical Ltd.
Product-thunderbirdsolarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serversuse_linux_enterprise_desktopdebian_linuxsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2740
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.49% / 87.30%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/LinuxNovellCanonical Ltd.
Product-solarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serverthunderbirddebian_linuxsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2729
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.41% / 60.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxfirefox_esrsolaristhunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2726
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.25% / 79.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2725
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.63% / 81.55%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serverthunderbirdsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0829
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.18% / 84.02%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0811
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.77% / 73.02%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0826
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 71.51%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0824
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-1.59% / 81.31%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0827
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.00% / 76.55%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxfirefox_esrthunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0825
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 70.75%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-5268
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 12:29
Updated-03 Nov, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12359
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-3.17% / 86.62%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12407
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.59% / 87.48%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12389
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.77% / 82.30%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12390
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.18% / 91.39%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5089
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.99% / 86.24%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12375
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.94%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12405
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.29% / 93.01%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12376
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.50%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12406
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.43%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1528
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.26% / 79.09%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEFedora ProjectCanonical Ltd.Oracle CorporationMicrosoft Corporation
Product-solarisfirefoxopensuseseamonkeyubuntu_linuxfedorawindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1534
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.24% / 86.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1553
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-0.55% / 67.52%
||
7 Day CHG~0.00%
Published-03 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-firefoxopensuseevergreenthunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1565
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.80% / 73.58%
||
7 Day CHG~0.00%
Published-03 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1593
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.11% / 83.77%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 11:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-seamonkeythunderbirdfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1578
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.64% / 81.64%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1562
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.27% / 79.13%
||
7 Day CHG~0.00%
Published-03 Sep, 2014 | 10:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefox_esrthunderbirdfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1554
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.27% / 79.13%
||
7 Day CHG~0.00%
Published-03 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1543
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.40% / 87.14%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1542
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.72% / 89.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-firefoxopensusesolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1576
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-4.67% / 89.08%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 11
  • 12
  • 13
  • ...
  • 76
  • 77
  • Next
Details not found