CriticalCISA KEVExploited in the wildPublic exploit

Remote Code Execution in Mozilla nsCSSFrameConstructor::ContentAppended

IdentifiersCVE-2010-3765CWE-119· Improper Restriction of Operations…

CVE-2010-3765 is a memory corruption vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.0.x before 3.0.10 and 3.1.x before 3.1.6, and SeaMonkey 2.x before 2.0.10. When JavaScript is enabled, a remote attacker can trigger the flaw through web content that abuses DOM manipulation, specifically vectors involving appendChild, incorrect index tracking, and creation of multiple frames during processing in nsCSSFrameConstructor::ContentAppended. The resulting memory corruption can be leveraged for arbitrary code execution. The vulnerability was reported as exploited in the wild in October 2010 by the Belmoo malware.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause memory corruption leading to arbitrary code execution in the context of the affected application. In practical terms, this allows a remote attacker to run attacker-controlled code when a victim processes malicious web content or equivalent active content, potentially resulting in full compromise of the browser session, theft of data accessible to the user, malware installation, and further pivoting under the privileges of the current user.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by disabling JavaScript in affected Mozilla products, restricting access to untrusted web content, and isolating or retiring legacy clients. Additional compensating controls include application allowlisting, least-privilege user contexts, network egress monitoring, and detection for exploitation attempts or malware delivery associated with malicious web pages. These are temporary measures and do not replace vendor updates.

Remediation

Patch, then assume compromise.

Upgrade to a fixed Mozilla release. The affected products include Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.0.x before 3.0.10 and 3.1.x before 3.1.6, and SeaMonkey 2.x before 2.0.10. Remediation is to update to Firefox 3.5.15 or later, Firefox 3.6.12 or later, Thunderbird 3.0.10 or later, Thunderbird 3.1.6 or later, and SeaMonkey 2.0.10 or later, or preferably to a currently supported version.

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 3 candidates as fakes, detection scripts, or README-only repos.

VALID 0 / 3 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

MozillaFirefoxapplication

MozillaSeamonkeyapplication

MozillaThunderbirdapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

10 SOURCESView more in app

cyberthroneNews

Oct 7, 2025

CISA Adds 7 Actively Exploited Vulnerabilities to KEV Catalog

A memory corruption remote code execution vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey exploitable via JavaScript frame construction manipulation.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity7

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2010-3765

NVD

nvd.nist.gov/vuln/detail/CVE-2010-3765

MITRE CWE · CWE-119

Improper Restriction of Operations within the…

Vendor Advisory

blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6

Vendor Advisory

secunia.com/advisories/41761

Vendor Advisory

secunia.com/advisories/41965

Vendor Advisory

secunia.com/advisories/41966

Vendor Advisory

secunia.com/advisories/41969

Vendor Advisory

secunia.com/advisories/41975

Vendor Advisory

secunia.com/advisories/42003

Vendor Advisory

secunia.com/advisories/42008

Vendor Advisory

secunia.com/advisories/42043

+36 more references

view more in app