Loading
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Use CWE-119, Mozilla vendor hub and Firefox product page to widen CVE-2010-3765 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-6776, CVE-2026-6784 and CVE-2026-6782 for nearby disclosures in the same product family.