ByteOS Network

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Date Added	Due Date	Vulnerability Name	Required Action
2025-10-06	2025-10-27	Mozilla Multiple Products Remote Code Execution Vulnerability	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov
CWE-119	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/	cve@mitre.org	Vendor Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox	cve@mitre.org	N/A
http://isc.sans.edu/diary.html?storyid=9817	cve@mitre.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html	cve@mitre.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html	cve@mitre.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html	cve@mitre.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html	cve@mitre.org	N/A
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter	cve@mitre.org	N/A
http://secunia.com/advisories/41761	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/41965	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/41966	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/41969	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/41975	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/42003	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/42008	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/42043	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/42867	cve@mitre.org	Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706	cve@mitre.org	N/A
http://support.avaya.com/css/P8/documents/100114329	cve@mitre.org	N/A
http://support.avaya.com/css/P8/documents/100114335	cve@mitre.org	N/A
http://www.debian.org/security/2010/dsa-2124	cve@mitre.org	N/A
http://www.exploit-db.com/exploits/15341	cve@mitre.org	Exploit
http://www.exploit-db.com/exploits/15342	cve@mitre.org	Exploit
http://www.exploit-db.com/exploits/15352	cve@mitre.org	Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213	cve@mitre.org	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219	cve@mitre.org	N/A
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html	cve@mitre.org	N/A
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/	cve@mitre.org	N/A
http://www.norman.com/security_center/virus_description_archive/129146/	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2010-0808.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2010-0809.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2010-0810.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2010-0861.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2010-0896.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/44425	cve@mitre.org	N/A
http://www.securitytracker.com/id?1024645	cve@mitre.org	N/A
http://www.securitytracker.com/id?1024650	cve@mitre.org	N/A
http://www.securitytracker.com/id?1024651	cve@mitre.org	N/A
http://www.ubuntu.com/usn/USN-1011-2	cve@mitre.org	N/A
http://www.ubuntu.com/usn/USN-1011-3	cve@mitre.org	N/A
http://www.ubuntu.com/usn/usn-1011-1	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2010/2837	cve@mitre.org	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2857	cve@mitre.org	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2864	cve@mitre.org	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2871	cve@mitre.org	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0061	cve@mitre.org	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=607222	cve@mitre.org	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53	cve@mitre.org	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=646997	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108	cve@mitre.org	N/A
https://rhn.redhat.com/errata/RHSA-2010-0812.html	cve@mitre.org	N/A
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox	af854a3a-2127-422b-91ae-364da2661108	N/A
http://isc.sans.edu/diary.html?storyid=9817	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/41761	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/41965	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/41966	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/41969	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/41975	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/42003	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/42008	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/42043	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/42867	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.avaya.com/css/P8/documents/100114329	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.avaya.com/css/P8/documents/100114335	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2010/dsa-2124	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.exploit-db.com/exploits/15341	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.exploit-db.com/exploits/15342	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.exploit-db.com/exploits/15352	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.norman.com/security_center/virus_description_archive/129146/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2010-0808.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2010-0809.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2010-0810.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2010-0861.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2010-0896.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/44425	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id?1024645	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id?1024650	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id?1024651	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-1011-2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-1011-3	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/usn-1011-1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2010/2837	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2857	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2864	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2871	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0061	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=607222	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=646997	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108	af854a3a-2127-422b-91ae-364da2661108	N/A
https://rhn.redhat.com/errata/RHSA-2010-0812.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3765	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://isc.sans.edu/diary.html?storyid=9817

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/41761

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/41965

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/41966

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/41969

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/41975

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/42003

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/42008

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/42043

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/42867

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://support.avaya.com/css/P8/documents/100114329

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://support.avaya.com/css/P8/documents/100114335

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2010/dsa-2124

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.exploit-db.com/exploits/15341

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.exploit-db.com/exploits/15342

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.exploit-db.com/exploits/15352

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:213

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:219

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.norman.com/about_norman/press_center/news_archive/2010/129223/

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.norman.com/security_center/virus_description_archive/129146/

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0808.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0809.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0810.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0861.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0896.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/44425

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securitytracker.com/id?1024645

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securitytracker.com/id?1024650

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securitytracker.com/id?1024651

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-1011-2

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-1011-3

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/usn-1011-1

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2010/2837

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.vupen.com/english/advisories/2010/2857

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.vupen.com/english/advisories/2010/2864

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.vupen.com/english/advisories/2010/2871

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.vupen.com/english/advisories/2011/0061

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=646997

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0812.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/