JVN/CVE Demo: Cveinfos

CVE

Id: 46349
CVE No.: CVE-2010-3765
Status: Candidate
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Phase: Assigned (20101005)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
505295	46349	CVE-2010-3765	EXPLOIT-DB:15341	View
505296	46349	CVE-2010-3765	URL:http://www.exploit-db.com/exploits/15341	View
505297	46349	CVE-2010-3765	EXPLOIT-DB:15342	View
505298	46349	CVE-2010-3765	URL:http://www.exploit-db.com/exploits/15342	View
505299	46349	CVE-2010-3765	EXPLOIT-DB:15352	View
505300	46349	CVE-2010-3765	URL:http://www.exploit-db.com/exploits/15352	View
505301	46349	CVE-2010-3765	MISC:http://isc.sans.edu/diary.html?storyid=9817	View
505302	46349	CVE-2010-3765	MISC:http://www.norman.com/about_norman/press_center/news_archive/2010/129223/	View
505303	46349	CVE-2010-3765	MISC:http://www.norman.com/security_center/virus_description_archive/129146/	View
505304	46349	CVE-2010-3765	MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53	View
505305	46349	CVE-2010-3765	MISC:http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter	View
505306	46349	CVE-2010-3765	CONFIRM:http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/	View
505307	46349	CVE-2010-3765	CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=607222	View
505308	46349	CVE-2010-3765	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=646997	View
505309	46349	CVE-2010-3765	CONFIRM:http://www.mozilla.org/security/announce/2010/mfsa2010-73.html	View
505310	46349	CVE-2010-3765	CONFIRM:http://support.avaya.com/css/P8/documents/100114329	View
505311	46349	CVE-2010-3765	CONFIRM:http://support.avaya.com/css/P8/documents/100114335	View
505312	46349	CVE-2010-3765	CONFIRM:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox	View
505313	46349	CVE-2010-3765	DEBIAN:DSA-2124	View
505314	46349	CVE-2010-3765	URL:http://www.debian.org/security/2010/dsa-2124	View
505315	46349	CVE-2010-3765	FEDORA:FEDORA-2010-17105	View
505316	46349	CVE-2010-3765	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html	View
505317	46349	CVE-2010-3765	FEDORA:FEDORA-2010-16883	View
505318	46349	CVE-2010-3765	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html	View
505319	46349	CVE-2010-3765	FEDORA:FEDORA-2010-16885	View
505320	46349	CVE-2010-3765	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html	View
505321	46349	CVE-2010-3765	FEDORA:FEDORA-2010-16897	View
505322	46349	CVE-2010-3765	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html	View
505323	46349	CVE-2010-3765	MANDRIVA:MDVSA-2010:213	View
505324	46349	CVE-2010-3765	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:213	View
505325	46349	CVE-2010-3765	MANDRIVA:MDVSA-2010:219	View
505326	46349	CVE-2010-3765	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:219	View
505327	46349	CVE-2010-3765	REDHAT:RHSA-2010:0809	View
505328	46349	CVE-2010-3765	URL:http://www.redhat.com/support/errata/RHSA-2010-0809.html	View
505329	46349	CVE-2010-3765	REDHAT:RHSA-2010:0810	View
505330	46349	CVE-2010-3765	URL:http://www.redhat.com/support/errata/RHSA-2010-0810.html	View
505331	46349	CVE-2010-3765	REDHAT:RHSA-2010:0808	View
505332	46349	CVE-2010-3765	URL:http://www.redhat.com/support/errata/RHSA-2010-0808.html	View
505333	46349	CVE-2010-3765	REDHAT:RHSA-2010:0812	View
505334	46349	CVE-2010-3765	URL:https://rhn.redhat.com/errata/RHSA-2010-0812.html	View
505335	46349	CVE-2010-3765	REDHAT:RHSA-2010:0861	View
505336	46349	CVE-2010-3765	URL:http://www.redhat.com/support/errata/RHSA-2010-0861.html	View
505337	46349	CVE-2010-3765	REDHAT:RHSA-2010:0896	View
505338	46349	CVE-2010-3765	URL:http://www.redhat.com/support/errata/RHSA-2010-0896.html	View
505339	46349	CVE-2010-3765	SLACKWARE:SSA:2010-305-01	View
505340	46349	CVE-2010-3765	URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706	View
505341	46349	CVE-2010-3765	UBUNTU:USN-1011-3	View
505342	46349	CVE-2010-3765	URL:http://www.ubuntu.com/usn/USN-1011-3	View
505343	46349	CVE-2010-3765	UBUNTU:USN-1011-1	View
505344	46349	CVE-2010-3765	URL:http://www.ubuntu.com/usn/usn-1011-1	View
505345	46349	CVE-2010-3765	UBUNTU:USN-1011-2	View
505346	46349	CVE-2010-3765	URL:http://www.ubuntu.com/usn/USN-1011-2	View
505347	46349	CVE-2010-3765	BID:44425	View
505348	46349	CVE-2010-3765	URL:http://www.securityfocus.com/bid/44425	View
505349	46349	CVE-2010-3765	OVAL:oval:org.mitre.oval:def:12108	View
505350	46349	CVE-2010-3765	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12108	View
505351	46349	CVE-2010-3765	SECTRACK:1024650	View
505352	46349	CVE-2010-3765	URL:http://www.securitytracker.com/id?1024650	View
505353	46349	CVE-2010-3765	SECTRACK:1024651	View
505354	46349	CVE-2010-3765	URL:http://www.securitytracker.com/id?1024651	View
505355	46349	CVE-2010-3765	SECTRACK:1024645	View
505356	46349	CVE-2010-3765	URL:http://www.securitytracker.com/id?1024645	View
505357	46349	CVE-2010-3765	SECUNIA:41966	View
505358	46349	CVE-2010-3765	URL:http://secunia.com/advisories/41966	View
505359	46349	CVE-2010-3765	SECUNIA:41969	View
505360	46349	CVE-2010-3765	URL:http://secunia.com/advisories/41969	View
505361	46349	CVE-2010-3765	SECUNIA:42008	View
505362	46349	CVE-2010-3765	URL:http://secunia.com/advisories/42008	View
505363	46349	CVE-2010-3765	SECUNIA:42043	View
505364	46349	CVE-2010-3765	URL:http://secunia.com/advisories/42043	View
505365	46349	CVE-2010-3765	SECUNIA:41761	View
505366	46349	CVE-2010-3765	URL:http://secunia.com/advisories/41761	View
505367	46349	CVE-2010-3765	SECUNIA:41965	View
505368	46349	CVE-2010-3765	URL:http://secunia.com/advisories/41965	View
505369	46349	CVE-2010-3765	SECUNIA:41975	View
505370	46349	CVE-2010-3765	URL:http://secunia.com/advisories/41975	View
505371	46349	CVE-2010-3765	SECUNIA:42003	View
505372	46349	CVE-2010-3765	URL:http://secunia.com/advisories/42003	View
505373	46349	CVE-2010-3765	SECUNIA:42867	View
505374	46349	CVE-2010-3765	URL:http://secunia.com/advisories/42867	View
505375	46349	CVE-2010-3765	VUPEN:ADV-2010-2871	View
505376	46349	CVE-2010-3765	URL:http://www.vupen.com/english/advisories/2010/2871	View
505377	46349	CVE-2010-3765	VUPEN:ADV-2010-2837	View
505378	46349	CVE-2010-3765	URL:http://www.vupen.com/english/advisories/2010/2837	View
505379	46349	CVE-2010-3765	VUPEN:ADV-2010-2857	View
505380	46349	CVE-2010-3765	URL:http://www.vupen.com/english/advisories/2010/2857	View
505381	46349	CVE-2010-3765	VUPEN:ADV-2010-2864	View
505382	46349	CVE-2010-3765	URL:http://www.vupen.com/english/advisories/2010/2864	View
505383	46349	CVE-2010-3765	VUPEN:ADV-2011-0061	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
36790	JVNDB-2010-002570	Windows 上で稼働する複数の Mozilla 製品における任意のコードを実行される脆弱性	Windows 上で稼働する複数の Mozilla 製品の line-breaking 実装は、長大な文字列を適切に処理しないため、任意のコードを実行される脆弱性が存在します。	CVE-2010-3769	46349	9.3		http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002570.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.40 MB
View render complete	2.95 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.74
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	493.65
Event: Controller.beforeRender	6.54
» Processing toolbar data	6.43
Rendering View	25.93
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	24.69
» Event: View.afterRender	0.03
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.72
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.16
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/46349
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/46349
Remote Port	37000
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.211
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.2.235.78
Http Via	1.1 squid-proxy-5b5d847c96-qsdzj (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.211
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.211
Unique Id	aS_Aoy4L2t1ejEDr8DDu5gAAADM
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.211
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.211
Redirect Unique Id	aS_Aoy4L2t1ejEDr8DDu5gAAADM
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.211
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.211
Redirect Redirect Unique Id	aS_Aoy4L2t1ejEDr8DDu5gAAADM
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1764737187.4941
Request Time	1764737187

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files