🟢 CVE-2010-3765

CVE-2010-3765 is a memory corruption vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey browsers that allows remote code execution when JavaScript is enabled. Despite being in CISA KEV and having a high CVSS score, this is a client-side browser vulnerability requiring users to visit malicious websites, not a server-side vulnerability.

← Back to Overview
LOW_RISK
Risk Level
9.8
CVSS Score
NETWORK
Attack Vector
Execution
ATT&CK Tactic
T1203 — Exploitation for Client Execution
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2010-10-27

Added to CISA KEV: 2025-10-06 5458 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2010-3765 is a critical memory corruption vulnerability that affected several Mozilla products in 2010. Below is the summary of the requested information:

Overview and Impact
  • Vulnerability Type: Memory corruption triggered by incorrect index tracking and the creation of multiple frames during specific DOM operations (specifically related to `nsCSSFrameConstructor::ContentAppended` and the `appendChild` method) [1].
  • Impact: Successful exploitation allows a remote attacker to execute arbitrary code on the victim's system with the privileges of the user running the browser [1].
Exploitation Details
  • Active Exploitation: The vulnerability was actively exploited in the wild in October 2010 [1].
  • Threat Actor Usage: It was specifically used to deliver and execute the Belmoo backdoor (Backdoor:Win32/Belmoo.A)?Name=Exploit:JS/CVE-2010-3765?kagi_q=CVE-2010-3765+details+exploitation+impact+affected+versions.
  • Attack Method: It is a remote attack vector. Exploitation requires the victim to visit a malicious or compromised website while using a vulnerable browser with JavaScript enabled [1]?Name=Exploit:JS/CVE-2010-3765?kagi_q=CVE-2010-3765+details+exploitation+impact+affected+versions.
  • Ransomware/Targeted Attacks: While it was used to deploy a backdoor (Belmoo), there is no widespread documentation of it being used in modern ransomware campaigns, as the vulnerability is over 15 years old and affects legacy software.
Affected Products and Mitigation
  • Affected Versions:
* Mozilla Firefox: 3.5.x through 3.5.14 and 3.6.x through 3.6.11 [2]. * Thunderbird: 3.0.x before 3.0.10 and 3.1.x before 3.1.6 [1]. * SeaMonkey: 2.x before 2.0.10 [1].
  • Status: These products have long since been patched. Users should ensure they are running current, supported versions of these applications to remain protected against this and subsequent vulnerabilities.

Sources

  1. NVD - CVE-2010-3765

    Description Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppen…

  2. CVE-2010-3765 - Red Hat Customer Portal

    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x ...

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed