CVE-2010-3765: Race Condition
First published: Tue Oct 26 2010(Updated: )
A race condition exists in Firefox's handling of DOM element (tags) properties. Malicious HTML content could use this flaw to execute arbitrary code as the user running Firefox. This flaw does not affect the versions of SeaMonkey or Thunderbird shipped in Red Hat Enterprise Linux 3, 4, or 5.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =3.5.3 | |
| Mozilla Firefox | =3.5.6 | |
| Mozilla Firefox | =3.5 | |
| Mozilla Firefox | =3.5.5 | |
| Mozilla Firefox | =3.5.9 | |
| Mozilla Firefox | =3.5.4 | |
| Mozilla Firefox | =3.5.7 | |
| Mozilla Firefox | =3.5.11 | |
| Mozilla Firefox | =3.5.14 | |
| Mozilla Firefox | =3.5.10 | |
| Mozilla Firefox | =3.5.1 | |
| Mozilla Firefox | =3.5.2 | |
| Mozilla Firefox | =3.5.12 | |
| Mozilla Firefox | =3.5.13 | |
| Mozilla Firefox | =3.5.8 | |
| Mozilla Firefox | =3.6.2 | |
| Mozilla Firefox | =3.6.3 | |
| Mozilla Firefox | =3.6.11 | |
| Mozilla Firefox | =3.6.8 | |
| Mozilla Firefox | =3.6.9 | |
| Mozilla Firefox | =3.6.6 | |
| Mozilla Firefox | =3.6.10 | |
| Mozilla Firefox | =3.6.7 | |
| Mozilla Firefox | =3.6.4 | |
| Mozilla Firefox | =3.6 | |
| Mozilla Thunderbird | =3.0.8 | |
| Mozilla Thunderbird | =3.0.5 | |
| Mozilla Thunderbird | =3.0.9 | |
| Mozilla Thunderbird | =3.0.1 | |
| Mozilla Thunderbird | =3.1.2 | |
| Mozilla Thunderbird | =3.1.1 | |
| Mozilla Thunderbird | =3.1.4 | |
| Mozilla Thunderbird | =3.0.7 | |
| Mozilla Thunderbird | =3.0.6 | |
| Mozilla Thunderbird | =3.0.3 | |
| Mozilla Thunderbird | =3.1.5 | |
| Mozilla Thunderbird | =3.0.4 | |
| Mozilla Thunderbird | =3.1.3 | |
| Mozilla Thunderbird | =3.0.2 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
- https://rhn.redhat.com/errata/RHSA-2010-0809.html
- https://rhn.redhat.com/errata/RHSA-2010-0808.html
- https://rhn.redhat.com/errata/RHSA-2010-0810.html
- https://rhn.redhat.com/errata/RHSA-2010-0812.html
- https://rhn.redhat.com/errata/RHSA-2010-0861.html
- https://rhn.redhat.com/errata/RHSA-2010-0896.html
- https://bugzilla.redhat.com/show_bug.cgi?id=646997
- http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
- http://isc.sans.edu/diary.html?storyid=9817
- http://www.norman.com/security_center/virus_description_archive/129146/
- https://bugzilla.mozilla.org/show_bug.cgi?id=607222
- http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
- https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
- http://www.vupen.com/english/advisories/2010/2871
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
- http://secunia.com/advisories/42008
- http://www.redhat.com/support/errata/RHSA-2010-0808.html
- http://www.ubuntu.com/usn/USN-1011-3
- http://www.vupen.com/english/advisories/2010/2864
- http://www.redhat.com/support/errata/RHSA-2010-0809.html
- http://www.vupen.com/english/advisories/2010/2857
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
- http://www.redhat.com/support/errata/RHSA-2010-0810.html
- http://secunia.com/advisories/41966
- http://secunia.com/advisories/41969
- http://www.securitytracker.com/id?1024650
- http://www.vupen.com/english/advisories/2010/2837
- http://www.securitytracker.com/id?1024651
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
- http://secunia.com/advisories/42043
- http://secunia.com/advisories/41965
- http://secunia.com/advisories/41761
- http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
- http://support.avaya.com/css/P8/documents/100114329
- http://www.securitytracker.com/id?1024645
- http://www.ubuntu.com/usn/usn-1011-1
- http://secunia.com/advisories/41975
- http://www.securityfocus.com/bid/44425
- http://secunia.com/advisories/42003
- http://support.avaya.com/css/P8/documents/100114335
- http://www.redhat.com/support/errata/RHSA-2010-0896.html
- http://www.redhat.com/support/errata/RHSA-2010-0861.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://secunia.com/advisories/42867
- http://www.vupen.com/english/advisories/2011/0061
- http://www.exploit-db.com/exploits/15341
- http://www.exploit-db.com/exploits/15352
- http://www.exploit-db.com/exploits/15342
- http://www.ubuntu.com/usn/USN-1011-2
- http://www.debian.org/security/2010/dsa-2124
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
- collector/redhat-bugzilla
- alias/CVE-2010-3765
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/3.5.3
- version/mozilla firefox/3.5.6
- version/mozilla firefox/3.5
- version/mozilla firefox/3.5.5
- version/mozilla firefox/3.5.9
- version/mozilla firefox/3.5.4
- version/mozilla firefox/3.5.7
- version/mozilla firefox/3.5.11
- version/mozilla firefox/3.5.14
- version/mozilla firefox/3.5.10
- version/mozilla firefox/3.5.1
- version/mozilla firefox/3.5.2
- version/mozilla firefox/3.5.12
- version/mozilla firefox/3.5.13
- version/mozilla firefox/3.5.8
- version/mozilla firefox/3.6.2
- version/mozilla firefox/3.6.3
- version/mozilla firefox/3.6.11
- version/mozilla firefox/3.6.8
- version/mozilla firefox/3.6.9
- version/mozilla firefox/3.6.6
- version/mozilla firefox/3.6.10
- version/mozilla firefox/3.6.7
- version/mozilla firefox/3.6.4
- version/mozilla firefox/3.6
- canonical/mozilla thunderbird
- version/mozilla thunderbird/3.0.8
- version/mozilla thunderbird/3.0.5
- version/mozilla thunderbird/3.0.9
- version/mozilla thunderbird/3.0.1
- version/mozilla thunderbird/3.1.2
- version/mozilla thunderbird/3.1.1
- version/mozilla thunderbird/3.1.4
- version/mozilla thunderbird/3.0.7
- version/mozilla thunderbird/3.0.6
- version/mozilla thunderbird/3.0.3
- version/mozilla thunderbird/3.1.5
- version/mozilla thunderbird/3.0.4
- version/mozilla thunderbird/3.1.3
- version/mozilla thunderbird/3.0.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.0