Mozilla Firefox 3.5.x up to and including 3.5.14 and 3.6.x up to and including 3.6.11, Thunderbird 3.1.6 prior to 3.1.6 and 3.0.x prior to 3.0.10, and SeaMonkey 2.x prior to 2.0.10, when JavaScript is enabled, allows remote malicious users to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.5.5 |
||
mozilla firefox 3.5.4 |
||
mozilla firefox 3.5.1 |
||
mozilla firefox 3.5 |
||
mozilla firefox 3.5.7 |
||
mozilla firefox 3.5.6 |
||
mozilla firefox 3.5.12 |
||
mozilla firefox 3.5.11 |
||
mozilla firefox 3.5.10 |
||
mozilla firefox 3.5.9 |
||
mozilla firefox 3.5.8 |
||
mozilla firefox 3.5.14 |
||
mozilla firefox 3.5.13 |
||
mozilla firefox 3.5.3 |
||
mozilla firefox 3.5.2 |
||
mozilla firefox 3.6.4 |
||
mozilla firefox 3.6.6 |
||
mozilla firefox 3.6.2 |
||
mozilla firefox 3.6.3 |
||
mozilla firefox 3.6.10 |
||
mozilla firefox 3.6.11 |
||
mozilla firefox 3.6.9 |
||
mozilla firefox 3.6 |
||
mozilla firefox 3.6.7 |
||
mozilla firefox 3.6.8 |
||
mozilla thunderbird 3.1.3 |
||
mozilla thunderbird 3.1.1 |
||
mozilla thunderbird 3.0.2 |
||
mozilla thunderbird 3.0.9 |
||
mozilla thunderbird 3.1.2 |
||
mozilla thunderbird 3.1.4 |
||
mozilla thunderbird 3.0.7 |
||
mozilla thunderbird 3.0.6 |
||
mozilla thunderbird 3.0.4 |
||
mozilla thunderbird 3.0.5 |
||
mozilla thunderbird 3.0.8 |
||
mozilla thunderbird 3.1.5 |
||
mozilla thunderbird 3.0.1 |
||
mozilla thunderbird 3.0.3 |
||
mozilla seamonkey 2.0.2 |
||
mozilla seamonkey 2.0.7 |
||
mozilla seamonkey 2.0 |
||
mozilla seamonkey 2.0.3 |
||
mozilla seamonkey 2.0.8 |
||
mozilla seamonkey 2.0.6 |
||
mozilla seamonkey 2.0.5 |
||
mozilla seamonkey 2.0.4 |
||
mozilla seamonkey 2.0.1 |
||
mozilla seamonkey 2.0.9 |
Firefox (FF) users should be aware of a use-after-free vulnerability affecting Firefox versions 3.6.11 and earlier. The security team at Firefox has been working on getting a patch out since at least early Tuesday morning, delivering a v3.6.12 release candidate available for brave nightly build developers and testers last night. A zero day exploit attacking this vulnerability was used at the compromised Nobel Peace Prize website to drop a trojan on unsuspecting visitors’ systems, although the ...