Oval Definition:	oval:org.mitre.oval:def:12108
Revision Date: 2014-10-06 Version: 29 Title: Arbitrary code execution vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10 Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2010-3765 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird Definition Synopsis Mozilla Firefox is installed and the version is 3.5.x before 3.5.15, 3.6.x before 3.6.12 Mozilla Firefox Mainline release is installed AND Either versions of Mozilla Firefox is installed Mozilla Firefox Mainline version is 3.5.x before 3.5.15 OR Mozilla Firefox Mainline version is 3.6.x before 3.6.12 OR Mozilla Thunderbird is installed and version is 3.1.x before 3.1.6, 3.0.x before 3.0.10 Mozilla Thunderbird Mainline release is installed AND Either versions of Mozilla Thunderbird is installed Check if the version of Mozilla Thunderbird is 3.1.x before 3.1.6 OR Check if the version of Mozilla Thunderbird is 3.0.x before 3.0.10 OR Mozilla Seamonkey is installed and version is 2.x before 2.0.10 Mozilla Seamonkey is installed AND Check if the version of Mozilla Seamonkey is before 2.0.10 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0
BACK