Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/185289?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/185289?format=api", "purl": "pkg:rpm/redhat/firefox@3.0.14-1?arch=el5_4", "type": "rpm", "namespace": "redhat", "name": "firefox", "version": "3.0.14-1", "qualifiers": { "arch": "el5_4" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2602?format=api", "vulnerability_id": "VCID-366w-42za-1qb1", "summary": "Security researcher Juan Pablo Lopez Yacubian\nreported that an attacker could call window.open() on an\ninvalid URL which looks similar to a legitimate URL and then\nuse document.write() to place content within the new\ndocument, appearing to have come from the spoofed location.\nAdditionally, if the spoofed document was created by a document with a\nvalid SSL certificate, the SSL indicators would be carried over into\nthe spoofed document. An attacker could use these issues to display\nmisleading location and SSL information for a malicious web page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13196", "scoring_system": "epss", "scoring_elements": "0.94263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.13196", "scoring_system": "epss", "scoring_elements": "0.94272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311", "reference_id": "521311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654", "reference_id": "CVE-2009-2654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html" }, { "reference_url": "https://www.securityfocus.com/bid/35803/info", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35803/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44", "reference_id": "mfsa2009-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://usn.ubuntu.com/811-1/", "reference_id": "USN-811-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/811-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-2654" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-366w-42za-1qb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2606?format=api", "vulnerability_id": "VCID-dcga-xsfg-xqda", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the BrowserFeedWriter could be leveraged to run\nJavaScript code from web content with elevated privileges. Using this\nvulnerability, an attacker could construct an object containing\nmalicious JavaScript and cause the FeedWriter to process the object,\nrunning the malicious code with chrome privileges.Thunderbird does not support\nthe BrowserFeedWriter object and is not vulnerable in its\ndefault configuration. Thunderbird might be vulnerable if the user has\ninstalled any add-on which adds a similarly implemented feature and\nthen enables JavaScript in mail messages. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0151", "scoring_system": "epss", "scoring_elements": "0.81522", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0151", "scoring_system": "epss", "scoring_elements": "0.81551", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695", "reference_id": "521695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079", "reference_id": "CVE-2009-3079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51", "reference_id": "mfsa2009-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3079" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dcga-xsfg-xqda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2618?format=api", "vulnerability_id": "VCID-f3dr-bet4-qfhn", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.8716", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87182", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687", "reference_id": "521687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071", "reference_id": "CVE-2009-3071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3071" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f3dr-bet4-qfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2635?format=api", "vulnerability_id": "VCID-j5rm-5key-eqh7", "summary": "Mozilla security researcher Jesse Ruderman reported\nthat when security modules were added or removed\nvia pkcs11.addmodule or pkcs11.deletemodule,\nthe resulting dialog was not sufficiently informative. Without\nsufficient warning, an attacker could entice a victim to install a\nmalicious PKCS11 module and affect the cryptographic integrity of the\nvictim's browser.Security researcher Dan Kaminsky reported that\nthis issue had not been fixed in Firefox 3.0 and that under certain\ncircumstances pkcs11 modules could be installed from a\nremote location.Firefox 3.5 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17599", "scoring_system": "epss", "scoring_elements": "0.95218", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17599", "scoring_system": "epss", "scoring_elements": "0.95225", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692", "reference_id": "521692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076", "reference_id": "CVE-2009-3076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt", "reference_id": "CVE-2009-3076;OSVDB-57977", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48", "reference_id": "mfsa2009-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3076" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5rm-5key-eqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2620?format=api", "vulnerability_id": "VCID-m92z-gnyf-gucn", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06345", "scoring_system": "epss", "scoring_elements": "0.9115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06345", "scoring_system": "epss", "scoring_elements": "0.91163", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690", "reference_id": "521690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074", "reference_id": "CVE-2009-3074", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3074" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m92z-gnyf-gucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2657?format=api", "vulnerability_id": "VCID-mua7-tbmx-6fgr", "summary": "An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, reported that the columns of a XUL tree element could be\nmanipulated in a particular way which would leave a pointer owned by\nthe column pointing to freed memory. An attacker could potentially\nuse this vulnerability to crash a victim's browser and run arbitrary\ncode on the victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90327", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90342", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693", "reference_id": "521693", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077", "reference_id": "CVE-2009-3077", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49", "reference_id": "mfsa2009-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3077" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mua7-tbmx-6fgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2675?format=api", "vulnerability_id": "VCID-pua3-9myf-akfg", "summary": "Security researcher Juan Pablo Lopez Yacubian\nreported that the default Windows font used to render the locationbar\nand other text fields was improperly displaying certain Unicode\ncharacters with tall line-height. In such cases the tall line-height\nwould cause the rest of the text in the input field to be scrolled\nvertically out of view. An attacker could use this vulnerability to\nprevent a user from seeing the URL of a malicious site.Corrie Sloot also independently reported this\nissue to Mozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.8276", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.82785", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694", "reference_id": "521694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078", "reference_id": "CVE-2009-3078", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50", "reference_id": "mfsa2009-50", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3078" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pua3-9myf-akfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2169?format=api", "vulnerability_id": "VCID-ruxv-49gp-ykg5", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89616", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89633", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688", "reference_id": "521688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072", "reference_id": "CVE-2009-3072", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3072" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruxv-49gp-ykg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2617?format=api", "vulnerability_id": "VCID-tc58-ttgn-9bh4", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04029", "scoring_system": "epss", "scoring_elements": "0.88693", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04029", "scoring_system": "epss", "scoring_elements": "0.8871", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686", "reference_id": "521686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070", "reference_id": "CVE-2009-3070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3070" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc58-ttgn-9bh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2168?format=api", "vulnerability_id": "VCID-uxfr-dz5s-kfdz", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06395", "scoring_system": "epss", "scoring_elements": "0.91186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06395", "scoring_system": "epss", "scoring_elements": "0.91199", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691", "reference_id": "521691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075", "reference_id": "CVE-2009-3075", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3075" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxfr-dz5s-kfdz" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@3.0.14-1%3Farch=el5_4" }