Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/194335?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "type": "ebuild", "namespace": "dev-libs", "name": "nss", "version": "10.0.11", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2292?format=api", "vulnerability_id": "VCID-15hg-smda-afby", "summary": "Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.76192", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.76218", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628", "reference_id": "877628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841", "reference_id": "CVE-2012-5841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100", "reference_id": "mfsa2012-100", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5841" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15hg-smda-afby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2335?format=api", "vulnerability_id": "VCID-1ad6-euv1-ffdn", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87464", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975", "reference_id": "CVE-2012-1975", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1975" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ad6-euv1-ffdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2874?format=api", "vulnerability_id": "VCID-1az2-21v2-5bbg", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG\nimplementation could result in an out-of-bounds memory access if\nSVG elements were removed during a DOMAttrModified event handler.\nThis vulnerability does not affect products prior to Firefox 8\nand SeaMonkey 2.5. Thunderbird 8 users would be vulnerable only if\nusing a browser-like feature that allowed scripts to run; users\nare not at risk while reading mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75876", "scoring_system": "epss", "scoring_elements": "0.9893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.75876", "scoring_system": "epss", "scoring_elements": "0.98931", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3658" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658", "reference_id": "CVE-2011-3658", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb", "reference_id": "CVE-2011-3658;OSVDB-77953", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-12-056/", "reference_id": "CVE-2011-3658;OSVDB-77953", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-056/" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55", "reference_id": "mfsa2011-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3658" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1az2-21v2-5bbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2636?format=api", "vulnerability_id": "VCID-1bap-8k3p-kbe8", "summary": "Microsoft security researchers Shuo\nChen, Ziqing Mao, Yi-Min\nWang, and Ming Zhang reported that when a\nCONNECT request is sent to a proxy server and a non-200 response is\nreturned, then the body of the response is incorrectly rendered\nwithin the context of the request Host: header. An\nactive network attacker could use this vulnerability to intercept a\nCONNECT request and reply with a non-200 response containing malicious\ncode which would be executed within the context of the victim's\nrequested SSL-protected domain. Since this attack requires the victim\nto have a proxy configured, the severity of this issue was determined\nto be high.Thunderbird mail messages are not vulnerable to this flaw,\nbut if Thunderbird were being used in a browser-like manner (through Add-ons,\nperhaps) and JavaScript were enabled (not the default setting) then users could\nbe vulnerable to this flaw in older versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.84119", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.84142", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578", "reference_id": "503578", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836", "reference_id": "CVE-2009-1836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-27", "reference_id": "mfsa2009-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1836" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bap-8k3p-kbe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2402?format=api", "vulnerability_id": "VCID-1brb-2w5v-ukg9", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04347", "scoring_system": "epss", "scoring_elements": "0.89118", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04347", "scoring_system": "epss", "scoring_elements": "0.89134", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463", "reference_id": "CVE-2012-0463", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0463" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1brb-2w5v-ukg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2167?format=api", "vulnerability_id": "VCID-1cwm-47w2-63gg", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05442", "scoring_system": "epss", "scoring_elements": "0.90338", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05442", "scoring_system": "epss", "scoring_elements": "0.90353", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576391", "reference_id": "576391", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576391" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163", "reference_id": "CVE-2010-0163", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0163" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1cwm-47w2-63gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2892?format=api", "vulnerability_id": "VCID-1etx-4u7q-gfa3", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04425", "scoring_system": "epss", "scoring_elements": "0.89218", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04425", "scoring_system": "epss", "scoring_elements": "0.89236", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651", "reference_id": "CVE-2011-3651", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3651" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1etx-4u7q-gfa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2337?format=api", "vulnerability_id": "VCID-1nd3-n5ad-rka9", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.851", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956", "reference_id": "CVE-2012-3956", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3956" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nd3-n5ad-rka9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2456?format=api", "vulnerability_id": "VCID-1r73-v4h5-7kc5", "summary": "Google security researcher Chris Evans reported that a\nwebsite could access a limited amount of data from a different domain by\nloading a same-domain JavaScript URL which redirects to an off-domain\ntarget resource containing data\nwhich is not parsable as JavaScript. Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the file\ncontext via the window.onerror DOM API.This issue could be used by a malicious website to steal private data\nfrom users who are authenticated on the redirected website. How much\ndata could be at risk would depend on the format of the data and how\nthe JavaScript parser attempts to interpret it. For most files the\namount of data that can be recovered would be limited to the first\nword or two. Some data files might allow deeper probing with\nrepeated loads.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.Update December 18, 2008: The Windows version of Firefox\n2.0.0.19 was shipped without the fix for this issue (other platforms\nwere correctly patched). Firefox 2.0.0.20 has been released on Windows\nto correct this oversight.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44099", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44167", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5507" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476280", "reference_id": "476280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507", "reference_id": "CVE-2008-5507", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-65", "reference_id": "mfsa2008-65", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5507" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1r73-v4h5-7kc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2328?format=api", "vulnerability_id": "VCID-1v9j-kd28-5ufe", "summary": "Google developer Tony Payne reported an out of bounds (OOB)\nread in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.68041", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.6808", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840213", "reference_id": "840213", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960", "reference_id": "CVE-2012-1960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50", "reference_id": "mfsa2012-50", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1960" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v9j-kd28-5ufe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2871?format=api", "vulnerability_id": "VCID-1vg7-wd1h-qkec", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.These vulnerabilities did not affect the older browser engine used\nprior to Firefox 4.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88548", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88565", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660", "reference_id": "CVE-2011-3660", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53", "reference_id": "mfsa2011-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3660" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vg7-wd1h-qkec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2301?format=api", "vulnerability_id": "VCID-1z2q-kuap-wkfk", "summary": "Security researcher Mariusz Mlynski reported that the\nlocation property can be accessed by binary plugins through\ntop.location and top can be shadowed by\nObject.defineProperty as well. This can allow for possible\ncross-site scripting (XSS) attacks through plugins.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00927", "scoring_system": "epss", "scoring_elements": "0.7643", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00927", "scoring_system": "epss", "scoring_elements": "0.76459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622", "reference_id": "863622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994", "reference_id": "CVE-2012-3994", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-82", "reference_id": "mfsa2012-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3994" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1z2q-kuap-wkfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2182?format=api", "vulnerability_id": "VCID-216v-x1r5-2ue1", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27259", "scoring_system": "epss", "scoring_elements": "0.96494", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.27259", "scoring_system": "epss", "scoring_elements": "0.96498", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576698", "reference_id": "576698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167", "reference_id": "CVE-2010-0167", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt", "reference_id": "CVE-2010-0167;OSVDB-63267", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt" }, { "reference_url": "https://www.securityfocus.com/bid/38944/info", "reference_id": "CVE-2010-0167;OSVDB-63267", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38944/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0167" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-216v-x1r5-2ue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2197?format=api", "vulnerability_id": "VCID-23de-qepf-7fa8", "summary": "Security researcher Soroush Dalili reported that\npotentially sensitive URL parameters could be leaked across domains\nupon script errors when the script filename and line number is\nincluded in the error message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62358", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62404", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488", "reference_id": "615488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754", "reference_id": "CVE-2010-2754", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47", "reference_id": "mfsa2010-47", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2754" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23de-qepf-7fa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2327?format=api", "vulnerability_id": "VCID-23uc-h52u-b7ft", "summary": "Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, calls to history.forward and\nhistory.back are used to navigate to a site while displaying the previous site\nin the addressbar but changing the baseURI to the newer site. This can be used\nfor phishing by allowing the user to input form or other data on the newer,\nattacking, site while appearing to be on the older, displayed site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02583", "scoring_system": "epss", "scoring_elements": "0.85852", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02583", "scoring_system": "epss", "scoring_elements": "0.85873", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1955" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206", "reference_id": "840206", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955", "reference_id": "CVE-2012-1955", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45", "reference_id": "mfsa2012-45", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1955" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23uc-h52u-b7ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2224?format=api", "vulnerability_id": "VCID-25ey-k7xj-hfgk", "summary": "Security researchers Yosuke Hasegawa\nand Masatoshi Kimura reported that the x-mac-arabic,\nx-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS\nattacks due to some characters being converted to angle brackets when\ndisplayed by the rendering engine. Sites using these character\nencodings would thus be potentially vulnerable to script injection\nattacks if their script filtering code fails to strip out these\nspecific characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08052", "scoring_system": "epss", "scoring_elements": "0.92273", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08052", "scoring_system": "epss", "scoring_elements": "0.92286", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3770" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660439", "reference_id": "660439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770", "reference_id": "CVE-2010-3770", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt", "reference_id": "CVE-2010-3770;OSVDB-69772", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt" }, { "reference_url": "https://www.securityfocus.com/bid/45353/info", "reference_id": "CVE-2010-3770;OSVDB-69772", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/45353/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-84", "reference_id": "mfsa2010-84", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-84" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3770" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25ey-k7xj-hfgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2394?format=api", "vulnerability_id": "VCID-29sb-u37n-audy", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79647", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79674", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938", "reference_id": "CVE-2012-1938", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1938" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29sb-u37n-audy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2498?format=api", "vulnerability_id": "VCID-29we-jnwd-9uga", "summary": "Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84245", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463246", "reference_id": "463246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463246" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067", "reference_id": "CVE-2008-4067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44", "reference_id": "mfsa2008-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4067" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29we-jnwd-9uga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2902?format=api", "vulnerability_id": "VCID-2atj-k716-gqee", "summary": "Security researcher Mario Heiderich reported that\nHTML-encoded entities were being improperly decoded when displayed\ninside SVG elements. This could lead to XSS attacks on sites relying\non HTML encoding of user-supplied content.The inline SVG feature was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2369", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49148", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49209", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369", "reference_id": "CVE-2011-2369", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27", "reference_id": "mfsa2011-27", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2369" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2atj-k716-gqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2282?format=api", "vulnerability_id": "VCID-2dd7-kcvk-tqb4", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20011", "scoring_system": "epss", "scoring_elements": "0.95589", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20011", "scoring_system": "epss", "scoring_elements": "0.95594", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187", "reference_id": "CVE-2012-4187", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4187" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dd7-kcvk-tqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2325?format=api", "vulnerability_id": "VCID-2gcp-9sky-3ffp", "summary": "Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, writes to\nlocation.hash can be used in concert with scripted history\nnavigation to cause a specific website to be loaded into the history object. The\nbaseURI can then be changed to this stored site, allowing an attacker to inject\na script or intercept posted data posted to a location specified with a relative\npath.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78728", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78754", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624", "reference_id": "863624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992", "reference_id": "CVE-2012-3992", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-84", "reference_id": "mfsa2012-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-84" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3992" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gcp-9sky-3ffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2174?format=api", "vulnerability_id": "VCID-2gnx-bbf7-9yee", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that code used to normalize a\ndocument contained a logical flaw that could be leveraged to run\narbitrary code. When the normalization code ran, a static count of\nthe document's child nodes was used in the traversal, so a page could\nbe constructed that would remove DOM nodes during this normalization\nwhich could lead to the accessing of a deleted object and potentially\nthe execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90116", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90133", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630069", "reference_id": "630069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766", "reference_id": "CVE-2010-2766", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57", "reference_id": "mfsa2010-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2766" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gnx-bbf7-9yee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2448?format=api", "vulnerability_id": "VCID-2px9-hc1z-3qca", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90999", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5500" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476266", "reference_id": "476266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500", "reference_id": "CVE-2008-5500", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5500" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2px9-hc1z-3qca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2645?format=api", "vulnerability_id": "VCID-2q9q-zxm9-37gw", "summary": "Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way. This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page. An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64505", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64547", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546726", "reference_id": "546726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985", "reference_id": "CVE-2009-3985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69", "reference_id": "mfsa2009-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3985" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2q9q-zxm9-37gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2385?format=api", "vulnerability_id": "VCID-2ry7-xkdn-4uak", "summary": "Security Researcher Matt McCutchen reported that a\nclickjacking attack using the certificate warning page. A man-in-the-middle\n(MITM) attacker can use an iframe to display its own certificate error warning\npage (about:certerror) with the \"Add Exception\" button of a real warning page\nfrom a malicious site. This can mislead users to adding a certificate exception\nfor a different site than the perceived one. This can lead to compromised\ncommunications with the user perceived site through the MITM attack once the\ncertificate exception has been added.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00901", "scoring_system": "epss", "scoring_elements": "0.76066", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00901", "scoring_system": "epss", "scoring_elements": "0.76091", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222", "reference_id": "840222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964", "reference_id": "CVE-2012-1964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54", "reference_id": "mfsa2012-54", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1964" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ry7-xkdn-4uak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2449?format=api", "vulnerability_id": "VCID-2zd3-s1bf-byh8", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04539", "scoring_system": "epss", "scoring_elements": "0.89363", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04539", "scoring_system": "epss", "scoring_elements": "0.89382", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476267", "reference_id": "476267", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501", "reference_id": "CVE-2008-5501", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5501" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zd3-s1bf-byh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118748?format=api", "vulnerability_id": "VCID-33gy-nejj-5qe4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66343", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66394", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5822" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5822" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33gy-nejj-5qe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2602?format=api", "vulnerability_id": "VCID-366w-42za-1qb1", "summary": "Security researcher Juan Pablo Lopez Yacubian\nreported that an attacker could call window.open() on an\ninvalid URL which looks similar to a legitimate URL and then\nuse document.write() to place content within the new\ndocument, appearing to have come from the spoofed location.\nAdditionally, if the spoofed document was created by a document with a\nvalid SSL certificate, the SSL indicators would be carried over into\nthe spoofed document. An attacker could use these issues to display\nmisleading location and SSL information for a malicious web page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13196", "scoring_system": "epss", "scoring_elements": "0.94263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.13196", "scoring_system": "epss", "scoring_elements": "0.94272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311", "reference_id": "521311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654", "reference_id": "CVE-2009-2654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html" }, { "reference_url": "https://www.securityfocus.com/bid/35803/info", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35803/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44", "reference_id": "mfsa2009-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://usn.ubuntu.com/811-1/", "reference_id": "USN-811-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/811-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2654" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-366w-42za-1qb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2365?format=api", "vulnerability_id": "VCID-36q5-nexm-w3em", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.86916", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.86938", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940", "reference_id": "CVE-2012-1940", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1940" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36q5-nexm-w3em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2674?format=api", "vulnerability_id": "VCID-36t9-jpa3-3bfa", "summary": "Andrej Andolsek reported that when Firefox\nreceives a reply from a SOCKS5 proxy which contains a DNS name longer\nthan 15 characters, the subsequent data stream in the response can\nbecome corrupted. There was no evidence of memory corruption,\nhowever, and the severity of the issue was determined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86067", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86088", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145", "reference_id": "512145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470", "reference_id": "CVE-2009-2470", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-38", "reference_id": "mfsa2009-38", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2470" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36t9-jpa3-3bfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2353?format=api", "vulnerability_id": "VCID-39se-79t4-bqf3", "summary": "Mozilla community member Ms2ger found an image rendering\nissue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects.\nThis can lead to a crash on a maliciously crafted web page. While there is no\nevidence that this is directly exploitable, there is a possibility of remote\ncode execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73566", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815037", "reference_id": "815037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478", "reference_id": "CVE-2012-0478", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-30", "reference_id": "mfsa2012-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0478" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39se-79t4-bqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2825?format=api", "vulnerability_id": "VCID-3cnp-jdxy-nbas", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10043", "scoring_system": "epss", "scoring_elements": "0.93205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10043", "scoring_system": "epss", "scoring_elements": "0.93216", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987", "reference_id": "CVE-2011-2987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2987" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cnp-jdxy-nbas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2461?format=api", "vulnerability_id": "VCID-3edb-v152-t7ct", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02018", "scoring_system": "epss", "scoring_elements": "0.8407", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02018", "scoring_system": "epss", "scoring_elements": "0.84093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4060" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463198", "reference_id": "463198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463198" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060", "reference_id": "CVE-2008-4060", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4060" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3edb-v152-t7ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2649?format=api", "vulnerability_id": "VCID-3f78-n439-6fhs", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0678", "scoring_system": "epss", "scoring_elements": "0.91471", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0678", "scoring_system": "epss", "scoring_elements": "0.91485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0353" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483141", "reference_id": "483141", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353", "reference_id": "CVE-2009-0353", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01", "reference_id": "mfsa2009-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0353" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3f78-n439-6fhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2180?format=api", "vulnerability_id": "VCID-3gpe-mdjk-fug4", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03502", "scoring_system": "epss", "scoring_elements": "0.87824", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03502", "scoring_system": "epss", "scoring_elements": "0.87845", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165", "reference_id": "CVE-2010-0165", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0165" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpe-mdjk-fug4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2233?format=api", "vulnerability_id": "VCID-3gpm-gttu-gudn", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the wrapper class XPCSafeJSObjectWrapper (SJOW) on\nthe Mozilla 1.9.1 development branch has a logical error in its\nscripted function implementation that allows the caller to run the\nfunction within the context of another site. This is a violation of\nthe same-origin policy and could be used to mount an XSS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67509", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67551", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763", "reference_id": "CVE-2010-2763", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60", "reference_id": "mfsa2010-60", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2763" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpm-gttu-gudn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2840?format=api", "vulnerability_id": "VCID-3hfm-dr4a-ayac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01538", "scoring_system": "epss", "scoring_elements": "0.81684", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01538", "scoring_system": "epss", "scoring_elements": "0.81715", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730522", "reference_id": "730522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984", "reference_id": "CVE-2011-2984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2984" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hfm-dr4a-ayac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2255?format=api", "vulnerability_id": "VCID-3knh-xsxc-r3dx", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04752", "scoring_system": "epss", "scoring_elements": "0.8962", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04752", "scoring_system": "epss", "scoring_elements": "0.89638", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182", "reference_id": "CVE-2012-4182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4182" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3knh-xsxc-r3dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115683?format=api", "vulnerability_id": "VCID-3mf6-16up-dygg", "summary": "firefox: information leak due to XSLT", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56282", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56338", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1712" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=697732", "reference_id": "697732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697732" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-1712" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mf6-16up-dygg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2863?format=api", "vulnerability_id": "VCID-3pr5-2yb6-eff5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.68033", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.68072", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990", "reference_id": "CVE-2011-2990", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2990" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pr5-2yb6-eff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151054?format=api", "vulnerability_id": "VCID-3r4k-r99j-8uaz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56845", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56896", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2061" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3r4k-r99j-8uaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2251?format=api", "vulnerability_id": "VCID-3x39-wrcj-r7f1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02016", "scoring_system": "epss", "scoring_elements": "0.84052", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02016", "scoring_system": "epss", "scoring_elements": "0.84076", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995", "reference_id": "CVE-2012-3995", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3995" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3x39-wrcj-r7f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2867?format=api", "vulnerability_id": "VCID-3x8b-a8de-uff8", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86537", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86559", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375", "reference_id": "CVE-2011-2375", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2375" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8b-a8de-uff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2641?format=api", "vulnerability_id": "VCID-42et-b37x-v7dy", "summary": "Mozilla developer Blake Kaplan reported\nthat setTimeout, when called with certain object\nparameters which should be protected with\na XPCNativeWrapper, will fail to keep the object wrapped\nwhen compiling the new function to be executed. If chrome privileged\ncode were to call setTimeout using this as\nan argument, the this object will lose its wrapper and\ncould be unsafely accessed by chrome code. An attacker could use such\nvulnerable code to run arbitrary JavaScript with chrome\nprivileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02113", "scoring_system": "epss", "scoring_elements": "0.84427", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02113", "scoring_system": "epss", "scoring_elements": "0.84451", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512146", "reference_id": "512146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471", "reference_id": "CVE-2009-2471", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-39", "reference_id": "mfsa2009-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2471" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42et-b37x-v7dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2403?format=api", "vulnerability_id": "VCID-44gj-qav3-fyba", "summary": "Firefox prevents the dropping of javascript: links onto a frame\nto prevent malicious sites from tricking users into performing a cross-site\nscripting (XSS) attacks on themselves. Security researcher Soroush\nDalili reported a way to bypass this protection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01144", "scoring_system": "epss", "scoring_elements": "0.78783", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01144", "scoring_system": "epss", "scoring_elements": "0.78809", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0455" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803119", "reference_id": "803119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455", "reference_id": "CVE-2012-0455", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-13", "reference_id": "mfsa2012-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0455" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44gj-qav3-fyba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2382?format=api", "vulnerability_id": "VCID-44pj-mvww-fbd4", "summary": "Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01678", "scoring_system": "epss", "scoring_elements": "0.82508", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01678", "scoring_system": "epss", "scoring_elements": "0.82536", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865286", "reference_id": "865286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191", "reference_id": "CVE-2012-4191", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88", "reference_id": "mfsa2012-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88" }, { "reference_url": "https://usn.ubuntu.com/1608-1/", "reference_id": "USN-1608-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1608-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4191" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44pj-mvww-fbd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2604?format=api", "vulnerability_id": "VCID-46dq-fn5m-nfdf", "summary": "Mozilla add-on developer and community member Wladimir\nPalant reported that content-loading policies were not\nchecked before loading external script files into XUL documents.\nThe severity of this problem would depend on the reasons behind the\ncontent policy check, which include privacy from \"web bugs\" in\nThunderbird mail messages, blocking of Ads and Ad-server tracking\nin AdBlock Plus.The original version of this advisory incorrectly claimed\nthat NoScript protection could by bypassed; NoScript was unaffected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.8068", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80707", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1840" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503582", "reference_id": "503582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503582" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840", "reference_id": "CVE-2009-1840", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31", "reference_id": "mfsa2009-31", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1840" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46dq-fn5m-nfdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2658?format=api", "vulnerability_id": "VCID-4bk3-p2fq-6uhf", "summary": "Mozilla security researcher Georgi Guninski reported\nthat the fix for an earlier vulnerability reported by Liu Die Yu using local\ninternet shortcut files to access other sites\n(MFSA 2008-47) could be bypassed\nby redirecting to a privileged about: URI such as\nabout:plugins.\nIf an attacker could get a victim to\ndownload two files, a malicious HTML file and a .desktop shortcut\nfile, they could have the HTML document load a privileged chrome document\nvia the shortcut and both documents would be treated as same origin.\nThis vulnerability could potentially be used by an attacker to inject\narbitrary code into the chrome document and execute with chrome\nprivileges. Because this attack has relatively high complexity, the\nseverity of this issue was determined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00909", "scoring_system": "epss", "scoring_elements": "0.76176", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00909", "scoring_system": "epss", "scoring_elements": "0.76201", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0356" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483144", "reference_id": "483144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356", "reference_id": "CVE-2009-0356", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-04", "reference_id": "mfsa2009-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0356" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bk3-p2fq-6uhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2499?format=api", "vulnerability_id": "VCID-4c6v-vu6t-tudu", "summary": "Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50431", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4068" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463248", "reference_id": "463248", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068", "reference_id": "CVE-2008-4068", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44", "reference_id": "mfsa2008-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4068" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4c6v-vu6t-tudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2823?format=api", "vulnerability_id": "VCID-4g1w-usb3-9kcq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90999", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988", "reference_id": "CVE-2011-2988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2988" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4g1w-usb3-9kcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2210?format=api", "vulnerability_id": "VCID-4pvt-4d6d-9yc2", "summary": "Morten Kråkvik of Telenor SOC reported an exploit\ntargeting particular versions of Firefox 3.6 on Windows XP that\nTelenor found while investigating an intrusion attempt on a customer\nnetwork. The underlying vulnerability, however, was present on both\nthe Firefox 3.5 and Firefox 3.6 development branches and affected all\nsupported platforms.Reading mail in Thunderbird does not pose a risk to\nusers, however the vulnerability is present and could be triggered in\nRSS feeds if JavaScript is enabled or by an add-on that enables\nbrowser-like functionality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86773", "scoring_system": "epss", "scoring_elements": "0.99443", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.86773", "scoring_system": "epss", "scoring_elements": "0.99442", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3765" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0061", "reference_id": "0061", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html", "reference_id": "050061.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "reference_id": "050077.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "reference_id": "050154.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html", "reference_id": "050233.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114329", "reference_id": "100114329", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114329" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114335", "reference_id": "100114335", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114335" }, { "reference_url": "http://www.norman.com/security_center/virus_description_archive/129146/", "reference_id": "129146", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.norman.com/security_center/virus_description_archive/129146/" }, { "reference_url": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/", "reference_id": "129223", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/" }, { "reference_url": "http://www.exploit-db.com/exploits/15341", "reference_id": "15341", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15341" }, { "reference_url": "http://www.exploit-db.com/exploits/15342", "reference_id": "15342", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15342" }, { "reference_url": "http://www.exploit-db.com/exploits/15352", "reference_id": "15352", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15352" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2837", "reference_id": "2837", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2837" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2857", "reference_id": "2857", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2857" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2864", "reference_id": "2864", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2864" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2871", "reference_id": "2871", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2871" }, { "reference_url": "http://secunia.com/advisories/41761", "reference_id": "41761", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41761" }, { "reference_url": "http://secunia.com/advisories/41965", "reference_id": "41965", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41965" }, { "reference_url": "http://secunia.com/advisories/41966", "reference_id": "41966", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41966" }, { "reference_url": "http://secunia.com/advisories/41969", "reference_id": "41969", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41969" }, { "reference_url": "http://secunia.com/advisories/41975", "reference_id": "41975", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41975" }, { "reference_url": "http://secunia.com/advisories/42003", "reference_id": "42003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42003" }, { "reference_url": "http://secunia.com/advisories/42008", "reference_id": "42008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42008" }, { "reference_url": "http://secunia.com/advisories/42043", "reference_id": "42043", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42043" }, { "reference_url": "http://secunia.com/advisories/42867", "reference_id": "42867", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42867" }, { "reference_url": "http://www.securityfocus.com/bid/44425", "reference_id": "44425", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securityfocus.com/bid/44425" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "reference_id": "646997", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=646997" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213", "reference_id": "advisories?name=MDVSA-2010:213", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219", "reference_id": "advisories?name=MDVSA-2010:219", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219" }, { "reference_url": "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/", "reference_id": "critical-vulnerability-in-firefox-3-5-and-firefox-3-6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765", "reference_id": "CVE-2010-3765", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html", "reference_id": "CVE-2010-3765;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb", "reference_id": "CVE-2010-3765;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html", "reference_id": "CVE-2010-3765;OSVDB-68921", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222", "reference_id": "CVE-2010-3765;OSVDB-68921;OSVDB-68905", "reference_type": "exploit", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html", "reference_id": "CVE-2010-3765;OSVDB-68921;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html" }, { "reference_url": "http://isc.sans.edu/diary.html?storyid=9817", "reference_id": "diary.html?storyid=9817", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://isc.sans.edu/diary.html?storyid=9817" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2124", "reference_id": "dsa-2124", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.debian.org/security/2010/dsa-2124" }, { "reference_url": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter", "reference_id": "en?utm_source=twitterfeed&utm_medium=twitter", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "http://www.securitytracker.com/id?1024645", "reference_id": "id?1024645", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024645" }, { "reference_url": "http://www.securitytracker.com/id?1024650", "reference_id": "id?1024650", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024650" }, { "reference_url": "http://www.securitytracker.com/id?1024651", "reference_id": "id?1024651", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024651" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73", "reference_id": "mfsa2010-73", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73" }, { "reference_url": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "reference_id": "mfsa2010-73.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html" }, { "reference_url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "reference_id": "multiple_vulnerabilities_in_mozilla_firefox", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A12108", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0808", "reference_id": "RHSA-2010:0808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0808" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0808.html", "reference_id": "RHSA-2010-0808.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0808.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0809", "reference_id": "RHSA-2010:0809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0809" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0809.html", "reference_id": "RHSA-2010-0809.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0809.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0810", "reference_id": "RHSA-2010:0810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0810" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0810.html", "reference_id": "RHSA-2010-0810.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0810.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0812", "reference_id": "RHSA-2010:0812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0812" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2010-0812.html", "reference_id": "RHSA-2010-0812.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0812.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "reference_id": "RHSA-2010-0861.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0861.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "reference_id": "RHSA-2010-0896.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0896.html" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53", "reference_id": "show_bug.cgi?id=607222#c53", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53" }, { "reference_url": "http://www.ubuntu.com/usn/usn-1011-1", "reference_id": "usn-1011-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/usn-1011-1" }, { "reference_url": "https://usn.ubuntu.com/1011-1/", "reference_id": "USN-1011-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-1/" }, { "reference_url": "https://usn.ubuntu.com/1011-2/", "reference_id": "USN-1011-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-2/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1011-2", "reference_id": "USN-1011-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1011-2" }, { "reference_url": "https://usn.ubuntu.com/1011-3/", "reference_id": "USN-1011-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-3/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1011-3", "reference_id": "USN-1011-3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1011-3" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "reference_id": "viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3765" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4pvt-4d6d-9yc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/155728?format=api", "vulnerability_id": "VCID-4q3c-nhva-xyeb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.7078", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70822", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3399" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3399" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4q3c-nhva-xyeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2141?format=api", "vulnerability_id": "VCID-4qcc-z8qp-83e5", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a select event handler for XUL\ntree items could be called after the tree item was deleted. This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.This vulnerability does not affect Firefox 3.6", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91418", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149", "reference_id": "578149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175", "reference_id": "CVE-2010-0175", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-17", "reference_id": "mfsa2010-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0175" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qcc-z8qp-83e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2882?format=api", "vulnerability_id": "VCID-4tq8-xb5y-yqfk", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05626", "scoring_system": "epss", "scoring_elements": "0.90501", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05626", "scoring_system": "epss", "scoring_elements": "0.90515", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0066" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700657", "reference_id": "700657", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066", "reference_id": "CVE-2011-0066", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0066" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tq8-xb5y-yqfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2159?format=api", "vulnerability_id": "VCID-4v9f-zksv-j7gt", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04334", "scoring_system": "epss", "scoring_elements": "0.89101", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04334", "scoring_system": "epss", "scoring_elements": "0.89118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804", "reference_id": "590804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200", "reference_id": "CVE-2010-1200", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1200" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4v9f-zksv-j7gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2357?format=api", "vulnerability_id": "VCID-4wx4-61y3-j3dr", "summary": "Security researcher Bill Keese reported a memory corruption.\nThis is caused by JSDependentString::undepend changing a dependent string into a\nfixed string when there are additional dependent strings relying on the same\nbase. When the undepend occurs during conversion, the base data is freed,\nleaving other dependent strings with dangling pointers. This can lead to a\npotentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.87629", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.8765", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215", "reference_id": "840215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962", "reference_id": "CVE-2012-1962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52", "reference_id": "mfsa2012-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1962" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wx4-61y3-j3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2358?format=api", "vulnerability_id": "VCID-4xn6-vknf-8ycf", "summary": "Security researcher David Bloom of Cue discovered that\n<select> elements are always-on-top chromeless windows and\nthat navigation away from a page with an active <select> menu\ndoes not remove this window.When another menu is opened programmatically on a\nnew page, the original <select> menu can be retained and\narbitrary HTML content within it rendered, allowing an attacker to cover\narbitrary portions of the new page through absolute positioning/scrolling,\nleading to spoofing attacks. Security researcher Jordi Chancel\nfound a variation that would allow for click-jacking attacks was well.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01951", "scoring_system": "epss", "scoring_elements": "0.83791", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01951", "scoring_system": "epss", "scoring_elements": "0.83814", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616", "reference_id": "863616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984", "reference_id": "CVE-2012-3984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-75", "reference_id": "mfsa2012-75", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-75" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3984" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xn6-vknf-8ycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2626?format=api", "vulnerability_id": "VCID-4y1m-44s1-4fcb", "summary": "Security researcher Guido Landi discovered that a\nXSL stylesheet could be used to crash the browser during a XSL\ntransformation. An attacker could potentially use this crash to run\narbitrary code on a victim's computer.This vulnerability was also previously reported as a stability\nproblem by Ubuntu community member, Andre. Ubuntu\ncommunity member Michael Rooney reported Andre's\nfindings to Mozilla, and Mozilla community member Martin\nhelped reduce Andre's original testcase and contributed a patch to fix\nthe vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37495", "scoring_system": "epss", "scoring_elements": "0.97272", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.37495", "scoring_system": "epss", "scoring_elements": "0.97276", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=492211", "reference_id": "492211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169", "reference_id": "CVE-2009-1169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-12", "reference_id": "mfsa2009-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-12" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt", "reference_id": "OSVDB-53079;CVE-2009-1169", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0397", "reference_id": "RHSA-2009:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0398", "reference_id": "RHSA-2009:0398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0398" }, { "reference_url": "https://usn.ubuntu.com/745-1/", "reference_id": "USN-745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1169" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4y1m-44s1-4fcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2361?format=api", "vulnerability_id": "VCID-51qu-9wp7-9qgr", "summary": "An integer overflow in the libpng library can lead to a heap-buffer\noverflow when decompressing certain PNG images. This leads to a\ncrash, which may be potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43757", "scoring_system": "epss", "scoring_elements": "0.97596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.43757", "scoring_system": "epss", "scoring_elements": "0.976", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3026" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=790737", "reference_id": "790737", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026", "reference_id": "CVE-2011-3026", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-15" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-11", "reference_id": "mfsa2012-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0140", "reference_id": "RHSA-2012:0140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0141", "reference_id": "RHSA-2012:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0142", "reference_id": "RHSA-2012:0142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0143", "reference_id": "RHSA-2012:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0317", "reference_id": "RHSA-2012:0317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0317" }, { "reference_url": "https://usn.ubuntu.com/1367-1/", "reference_id": "USN-1367-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-1/" }, { "reference_url": "https://usn.ubuntu.com/1367-2/", "reference_id": "USN-1367-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-2/" }, { "reference_url": "https://usn.ubuntu.com/1367-3/", "reference_id": "USN-1367-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-3/" }, { "reference_url": "https://usn.ubuntu.com/1367-4/", "reference_id": "USN-1367-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3026" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51qu-9wp7-9qgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2298?format=api", "vulnerability_id": "VCID-51w7-2ypy-tbgq", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01281", "scoring_system": "epss", "scoring_elements": "0.79921", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01281", "scoring_system": "epss", "scoring_elements": "0.79946", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1952" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952", "reference_id": "CVE-2012-1952", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1952" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51w7-2ypy-tbgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2897?format=api", "vulnerability_id": "VCID-5268-56yp-tfb7", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal memory mapping of non-local JS\nvariables contained a buffer overflow which could potentially be used\nby an attacker to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92837", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675091", "reference_id": "675091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054", "reference_id": "CVE-2011-0054", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04", "reference_id": "mfsa2011-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0054" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5268-56yp-tfb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2134?format=api", "vulnerability_id": "VCID-54xd-e1tz-myck", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat when content script which is running in a chrome context accesses\na content object via SJOW, the content code can gain access to an\nobject from the chrome scope and use that object to run arbitrary\nJavaScript with chrome privileges.Firefox 3.5 and other Mozilla products built from\nGecko 1.9.1 were not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65674", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1215" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615463", "reference_id": "615463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215", "reference_id": "CVE-2010-1215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38", "reference_id": "mfsa2010-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1215" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54xd-e1tz-myck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2648?format=api", "vulnerability_id": "VCID-57sy-21d1-pyew", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08533", "scoring_system": "epss", "scoring_elements": "0.9253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08533", "scoring_system": "epss", "scoring_elements": "0.92543", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483139", "reference_id": "483139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352", "reference_id": "CVE-2009-0352", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01", "reference_id": "mfsa2009-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0352" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57sy-21d1-pyew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2903?format=api", "vulnerability_id": "VCID-5am8-72dc-8yer", "summary": "Mozilla developer Boris Zbarsky reported that a frame\nnamed \"location\" could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the frame\nwas created. Because some plugins use the value of window.location to determine\nthe page origin this could fool the plugin into granting the plugin content\naccess to another site or the local file system in violation of the Same Origin\nPolicy. This flaw allows circumvention of the fix added for\nMFSA 2010-10.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.7293", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2999" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741904", "reference_id": "741904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999", "reference_id": "CVE-2011-2999", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-38", "reference_id": "mfsa2011-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1343", "reference_id": "RHSA-2011:1343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1344", "reference_id": "RHSA-2011:1344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1344" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2999" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5am8-72dc-8yer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2220?format=api", "vulnerability_id": "VCID-5bux-q44x-mfak", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07986", "scoring_system": "epss", "scoring_elements": "0.92231", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07986", "scoring_system": "epss", "scoring_elements": "0.92243", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615464", "reference_id": "615464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752", "reference_id": "CVE-2010-2752", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py", "reference_id": "CVE-2010-2752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39", "reference_id": "mfsa2010-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2752" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bux-q44x-mfak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2299?format=api", "vulnerability_id": "VCID-5cyv-1m27-zfd6", "summary": "magicant starmen reported that if a user chooses to\nexport their Firefox Sync key the \"Firefox Recovery Key.html\" file is\nsaved with incorrect permissions, making the file contents potentially\nreadable by other users on Linux and OS X systems.\nFirefox 3.6 is not affected by this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21737", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21817", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450", "reference_id": "CVE-2012-0450", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09", "reference_id": "mfsa2012-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0450" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cyv-1m27-zfd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2845?format=api", "vulnerability_id": "VCID-5dm1-kvut-bbgv", "summary": "Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62813", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62857", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741917", "reference_id": "741917", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372", "reference_id": "CVE-2011-2372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40", "reference_id": "mfsa2011-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2372" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dm1-kvut-bbgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2643?format=api", "vulnerability_id": "VCID-5ea4-6fsd-n7ax", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03012", "scoring_system": "epss", "scoring_elements": "0.86844", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03012", "scoring_system": "epss", "scoring_elements": "0.86866", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2664" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618341", "reference_id": "1618341", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664", "reference_id": "CVE-2009-2664", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45", "reference_id": "mfsa2009-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2664" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ea4-6fsd-n7ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2852?format=api", "vulnerability_id": "VCID-5edg-w3ju-huem", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nan internal privilege check failed to respect the NoWaiverWrappers introduced\nwith Firefox 4. This could result in elevated privilege being granted to web content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00939", "scoring_system": "epss", "scoring_elements": "0.76595", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00939", "scoring_system": "epss", "scoring_elements": "0.76624", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655", "reference_id": "CVE-2011-3655", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-52", "reference_id": "mfsa2011-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-52" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3655" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5edg-w3ju-huem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2376?format=api", "vulnerability_id": "VCID-5h9x-peth-nufx", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found a heap corruption in gfxImageSurface which\nallows for invalid frees and possible remote code execution. This happens due to\nfloat error, resulting from graphics values being passed through different\nnumber systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05707", "scoring_system": "epss", "scoring_elements": "0.90578", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05707", "scoring_system": "epss", "scoring_elements": "0.90592", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815020", "reference_id": "815020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470", "reference_id": "CVE-2012-0470", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-23", "reference_id": "mfsa2012-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0470" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5h9x-peth-nufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=api", "vulnerability_id": "VCID-5p5c-wgaj-nybv", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06848", "scoring_system": "epss", "scoring_elements": "0.91516", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06848", "scoring_system": "epss", "scoring_elements": "0.91529", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079", "reference_id": "CVE-2011-0079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0079" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p5c-wgaj-nybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233586?format=api", "vulnerability_id": "VCID-5pv4-jtn7-97eu", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2007-2436" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pv4-jtn7-97eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2812?format=api", "vulnerability_id": "VCID-5qnz-z32b-67hs", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03206", "scoring_system": "epss", "scoring_elements": "0.8725", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03206", "scoring_system": "epss", "scoring_elements": "0.87273", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675082", "reference_id": "675082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053", "reference_id": "CVE-2011-0053", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0312", "reference_id": "RHSA-2011:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0053" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qnz-z32b-67hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2175?format=api", "vulnerability_id": "VCID-5qv8-552b-j3hn", "summary": "Security researcher Ilja van Sprundel of IOActive\nreported that the Content-Disposition: attachment HTTP\nheader was ignored when Content-Type: multipart was also\npresent. This issue could potentially lead to XSS problems in sites\nthat allow users to upload arbitrary files and specify a Content-Type\nbut rely on Content-Disposition: attachment to prevent\nthe content from being displayed inline.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77688", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77716", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850", "reference_id": "590850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197", "reference_id": "CVE-2010-1197", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-32", "reference_id": "mfsa2010-32", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1197" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qv8-552b-j3hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2441?format=api", "vulnerability_id": "VCID-5rcy-z5xh-xuc2", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0291", "scoring_system": "epss", "scoring_elements": "0.86633", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0291", "scoring_system": "epss", "scoring_elements": "0.86655", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463201", "reference_id": "463201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062", "reference_id": "CVE-2008-4062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4062" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rcy-z5xh-xuc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2217?format=api", "vulnerability_id": "VCID-5sbu-sc2m-b3eg", "summary": "Security researcher Marc Schoenefeld reported that\na specially crafted font could be applied to a document and cause a\ncrash on Mac systems. The crash showed signs of memory corruption and\npresumably could be used by an attacker to execute arbitrary code on a\nvictim's computer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86688", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.8671", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770", "reference_id": "CVE-2010-2770", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58", "reference_id": "mfsa2010-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2770" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5sbu-sc2m-b3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2434?format=api", "vulnerability_id": "VCID-5udv-bgsq-aqah", "summary": "Security researcher David Bloom reported that the\nbrowser's session restore feature can be used to violate the\nsame-origin policy and run JavaScript in the context of another site.\nAny otherwise unexploitable crash can be used to force the user into the\nsession restore state Mozilla security researcher moz_bug_r_a4 demonstrated that\nthis vulnerability could also be used by an attacker to run arbitrary\nJavaScript with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12823", "scoring_system": "epss", "scoring_elements": "0.94158", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12823", "scoring_system": "epss", "scoring_elements": "0.94166", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5019" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470889", "reference_id": "470889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019", "reference_id": "CVE-2008-5019", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-53", "reference_id": "mfsa2008-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5019" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5udv-bgsq-aqah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2433?format=api", "vulnerability_id": "VCID-5v21-5ssf-2kf5", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities in feedWriter which allow scripts from page\ncontent to run with chrome privileges.Firefox 3 is not affected by this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02943", "scoring_system": "epss", "scoring_elements": "0.86702", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02943", "scoring_system": "epss", "scoring_elements": "0.86724", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463188", "reference_id": "463188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463188" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836", "reference_id": "CVE-2008-3836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-39", "reference_id": "mfsa2008-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-39" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-3836" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5v21-5ssf-2kf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2303?format=api", "vulnerability_id": "VCID-5xa3-eyb5-j7bw", "summary": "Mozilla community member Matias Juntunen discovered an error\nin WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments\nfrom FindMaxUshortElement. This bug causes maximum index to be computed\nincorrectly within WebGL.drawElements, allowing the reading of illegal video\nmemory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72658", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0473" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815023", "reference_id": "815023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473", "reference_id": "CVE-2012-0473", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-26", "reference_id": "mfsa2012-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0473" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xa3-eyb5-j7bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2681?format=api", "vulnerability_id": "VCID-615z-2kke-63cz", "summary": "Bjoern Hoehrmann and security researcher Moxie\nMarlinspike independently reported\nthat Unicode box drawing characters were allowed in Internationalized\nDomain Names (IDN) where they could be visually confused with\npunctuation used in valid web addresses. This could be combined with\na phishing-type scam to trick a victim into thinking they were on a\ndifferent website than they actually were.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02133", "scoring_system": "epss", "scoring_elements": "0.845", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02133", "scoring_system": "epss", "scoring_elements": "0.84524", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0652" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=486704", "reference_id": "486704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652", "reference_id": "CVE-2009-0652", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-15", "reference_id": "mfsa2009-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0652" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-615z-2kke-63cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2315?format=api", "vulnerability_id": "VCID-64br-yc5f-wygx", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04114", "scoring_system": "epss", "scoring_elements": "0.88808", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04114", "scoring_system": "epss", "scoring_elements": "0.88825", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4216" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216", "reference_id": "CVE-2012-4216", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4216" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64br-yc5f-wygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58901?format=api", "vulnerability_id": "VCID-64mt-9155-tkbv", "summary": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03832", "scoring_system": "epss", "scoring_elements": "0.88361", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03832", "scoring_system": "epss", "scoring_elements": "0.88379", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389" }, { "reference_url": "https://curl.se/docs/CVE-2011-3389.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2011-3389.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506", "reference_id": "737506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "reference_url": "https://security.gentoo.org/glsa/201111-02", "reference_id": "GLSA-201111-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-02" }, { "reference_url": "https://security.gentoo.org/glsa/201203-02", "reference_id": "GLSA-201203-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-02" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1380", "reference_id": "RHSA-2011:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1384", "reference_id": "RHSA-2011:1384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0006", "reference_id": "RHSA-2012:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0034", "reference_id": "RHSA-2012:0034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0343", "reference_id": "RHSA-2012:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0508", "reference_id": "RHSA-2012:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1455", "reference_id": "RHSA-2013:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1455" }, { "reference_url": "https://usn.ubuntu.com/1263-1/", "reference_id": "USN-1263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1263-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3389" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64mt-9155-tkbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2815?format=api", "vulnerability_id": "VCID-65f1-zvsa-xqgg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06835", "scoring_system": "epss", "scoring_elements": "0.91505", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06835", "scoring_system": "epss", "scoring_elements": "0.91519", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989", "reference_id": "CVE-2011-2989", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2989" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65f1-zvsa-xqgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2473?format=api", "vulnerability_id": "VCID-6e9x-84kp-n7ce", "summary": "Security researcher Chris Evans reported an error\nin the method used to parse the default namespace in an E4X document.\nThe error was caused by quote characters in the namespace not being\nproperly escaped. The severity of this issue was determined to be\nlow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07219", "scoring_system": "epss", "scoring_elements": "0.91757", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07219", "scoring_system": "epss", "scoring_elements": "0.91769", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5024" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470902", "reference_id": "470902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024", "reference_id": "CVE-2008-5024", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-58", "reference_id": "mfsa2008-58", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5024" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6e9x-84kp-n7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2481?format=api", "vulnerability_id": "VCID-6hd5-6f4p-akb4", "summary": "Perl developer Chip Salzenberg reported that\ncertain control characters, when placed at the beginning of a URL,\nwould lead to incorrect parsing resulting in a malformed URL being\noutput by the parser. IBM researchers Justin Schuh,\nTom Cross, and Peter William also\nreported a related symptom as part of their research that resulted in\nMFSA 2008-37.\n\nThere was no direct security impact from this issue and its effect\nwas limited to the improper rendering of hyperlinks containing\nspecific characters. The severity of this issue was determined to be\nlow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02182", "scoring_system": "epss", "scoring_elements": "0.84667", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02182", "scoring_system": "epss", "scoring_elements": "0.84691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5508" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476281", "reference_id": "476281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508", "reference_id": "CVE-2008-5508", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-66", "reference_id": "mfsa2008-66", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5508" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hd5-6f4p-akb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2140?format=api", "vulnerability_id": "VCID-6kcv-fk1f-x7ez", "summary": "Mozilla developer Blake Kaplan reported that the\nwrapper class XPCSafeJSObjectWrapper (SJOW), a security\nwrapper that allows content-defined objects to be safely accessed by\nprivileged code, creates scope chains ending in outer objects. Users\nof SJOWs which expect the scope chain to end on an inner object may be\nhanded a chrome privileged object which could be leveraged to run\narbitrary JavaScript with chrome privileges.Michal Zalewski's recent contributions helped to\nidentify this architectural weakness.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.82854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.8288", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2762" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630071", "reference_id": "630071", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762", "reference_id": "CVE-2010-2762", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-59", "reference_id": "mfsa2010-59", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2762" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kcv-fk1f-x7ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2145?format=api", "vulnerability_id": "VCID-6ndf-9s4u-qfen", "summary": "Security researcher Gregory Fleischer reported\nthat when a Java LiveConnect script was loaded via\na data: URL which redirects via a meta refresh, then the\nresulting plugin object was created with the wrong security principal\nand thus received elevated privileges such as the abilities to read\nlocal files, launch processes, and create network connections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03473", "scoring_system": "epss", "scoring_elements": "0.87766", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03473", "scoring_system": "epss", "scoring_elements": "0.87788", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660422", "reference_id": "660422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775", "reference_id": "CVE-2010-3775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-79", "reference_id": "mfsa2010-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3775" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ndf-9s4u-qfen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2868?format=api", "vulnerability_id": "VCID-6pcu-ba9e-bqb5", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02371", "scoring_system": "epss", "scoring_elements": "0.85248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02371", "scoring_system": "epss", "scoring_elements": "0.85272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376", "reference_id": "CVE-2011-2376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2376" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pcu-ba9e-bqb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2404?format=api", "vulnerability_id": "VCID-6ux3-jruj-xkfq", "summary": "Security researcher Mariusz Mlynski reported that when a\npage opens a new tab, a subsequent window can then be opened that can be\nnavigated to about:newtab, a chrome privileged page. Once\nabout:newtab is loaded, the special context can potentially be used\nto escalate privilege, allowing for arbitrary code execution on the local system\nin a maliciously crafted attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01126", "scoring_system": "epss", "scoring_elements": "0.7863", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01126", "scoring_system": "epss", "scoring_elements": "0.78657", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851916", "reference_id": "851916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965", "reference_id": "CVE-2012-3965", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-60", "reference_id": "mfsa2012-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-60" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3965" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ux3-jruj-xkfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2186?format=api", "vulnerability_id": "VCID-6vby-kb9g-r7ey", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a nsDOMAttribute\nnode can be modified without informing the iterator object responsible\nfor various DOM traversals. This flaw could lead to a inconsistent\nstate where the iterator points to an object it believes is part of\nthe DOM but actually points to some other object. If such an object\nhad been deleted and its memory reclaimed by the system, then the\niterator could be used to call into attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07145", "scoring_system": "epss", "scoring_elements": "0.91703", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07145", "scoring_system": "epss", "scoring_elements": "0.91716", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660429", "reference_id": "660429", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766", "reference_id": "CVE-2010-3766", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-80", "reference_id": "mfsa2010-80", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-80" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3766" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vby-kb9g-r7ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2184?format=api", "vulnerability_id": "VCID-6wb2-shx3-jqgk", "summary": "Security researcher Nils of MWR InfoSecurity\nreported that the routine for setting the text value for certain types\nof DOM nodes contained an integer overflow vulnerability. When a very\nlong string was passed to this routine, the integer value used in\ncreating a new memory buffer to hold the string would overflow,\nresulting in too small a buffer being allocated. An attacker could\nuse this vulnerability to write data past the end of the buffer,\ncausing a crash and potentially running arbitrary code on a victim's\ncomputer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05226", "scoring_system": "epss", "scoring_elements": "0.90122", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05226", "scoring_system": "epss", "scoring_elements": "0.90139", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830", "reference_id": "590830", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196", "reference_id": "CVE-2010-1196", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-29", "reference_id": "mfsa2010-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1196" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wb2-shx3-jqgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2246?format=api", "vulnerability_id": "VCID-6ysw-nweg-vkau", "summary": "Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80812", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80839", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4193" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865215", "reference_id": "865215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193", "reference_id": "CVE-2012-4193", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89", "reference_id": "mfsa2012-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1361", "reference_id": "RHSA-2012:1361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1362", "reference_id": "RHSA-2012:1362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1362" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4193" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ysw-nweg-vkau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2214?format=api", "vulnerability_id": "VCID-76de-mqmg-vqgw", "summary": "Mozilla developers identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02476", "scoring_system": "epss", "scoring_elements": "0.85555", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02476", "scoring_system": "epss", "scoring_elements": "0.85577", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047", "reference_id": "566047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159", "reference_id": "CVE-2010-0159", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01", "reference_id": "mfsa2010-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0159" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76de-mqmg-vqgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2253?format=api", "vulnerability_id": "VCID-76yr-a59q-u3f3", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09485", "scoring_system": "epss", "scoring_elements": "0.9298", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09485", "scoring_system": "epss", "scoring_elements": "0.92991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180", "reference_id": "CVE-2012-4180", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4180" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76yr-a59q-u3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2243?format=api", "vulnerability_id": "VCID-785g-4bq9-afc4", "summary": "Security researcher Mariusz Mlynski reported that an\nattacker able to convince a potential victim to set a new home page by dragging\na link to the \"home\" button can set that user's home page to a\njavascript: URL. Once this is done the attacker's page can cause\nrepeated crashes of the browser, eventually getting the script URL loaded in the\nprivileged about:sessionrestore context.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.84247", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.8427", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0458" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803113", "reference_id": "803113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458", "reference_id": "CVE-2012-0458", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-16", "reference_id": "mfsa2012-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0458" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-785g-4bq9-afc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2350?format=api", "vulnerability_id": "VCID-78na-3u18-xfag", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75594", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75623", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1970" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851909", "reference_id": "851909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970", "reference_id": "CVE-2012-1970", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1970" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-78na-3u18-xfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2859?format=api", "vulnerability_id": "VCID-7e5b-9pc6-ybey", "summary": "Security researcher Paul Stone reported that a\nJava applet could be used to mimic interaction with form autocomplete\ncontrols and steal entries from the form history.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67178", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67218", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644", "reference_id": "700644", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067", "reference_id": "CVE-2011-0067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14", "reference_id": "mfsa2011-14", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0067" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7e5b-9pc6-ybey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2153?format=api", "vulnerability_id": "VCID-7k5r-vr13-f7e8", "summary": "Microsoft Vulnerability Research reported that two\nplugin instances could interact in a way in which one plugin gets a\nreference to an object owned by a second plugin and continues to hold\nthat reference after the second plugin is unloaded and its object is\ndestroyed. In these cases, the first plugin would contain a pointer\nto freed memory which, if accessed, could be used by an attacker to\nexecute arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05287", "scoring_system": "epss", "scoring_elements": "0.90182", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05287", "scoring_system": "epss", "scoring_elements": "0.90198", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1198" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828", "reference_id": "590828", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198", "reference_id": "CVE-2010-1198", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-28", "reference_id": "mfsa2010-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1198" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7k5r-vr13-f7e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2150?format=api", "vulnerability_id": "VCID-7kav-ywtp-1fdw", "summary": "Dirk Heinrich reported that on Windows platforms\nwhen document.write() was called with a very long string\na buffer overflow was caused in line breaking routines attempting to\nprocess the string for display. Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08397", "scoring_system": "epss", "scoring_elements": "0.92465", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08397", "scoring_system": "epss", "scoring_elements": "0.92478", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769", "reference_id": "CVE-2010-3769", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-75", "reference_id": "mfsa2010-75", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3769" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kav-ywtp-1fdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2654?format=api", "vulnerability_id": "VCID-7kkw-nz5m-nqg3", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89482", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89501", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713", "reference_id": "546713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981", "reference_id": "CVE-2009-3981", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3981" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kkw-nz5m-nqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2447?format=api", "vulnerability_id": "VCID-7n2t-5a6v-37hr", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in\nnsXMLHttpRequest::NotifyEventListeners() could be\nbypassed. This vulnerability could be used to execute JavaScript in\nthe context of a different website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13446", "scoring_system": "epss", "scoring_elements": "0.94332", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.13446", "scoring_system": "epss", "scoring_elements": "0.9434", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470895", "reference_id": "470895", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022", "reference_id": "CVE-2008-5022", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-56", "reference_id": "mfsa2008-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5022" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7n2t-5a6v-37hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2664?format=api", "vulnerability_id": "VCID-7ns3-vfk2-jqbs", "summary": "An anonymous researcher, via TippingPoint's Zero Day Initiative\nprogram, reported a vulnerability in Mozilla's garbage collection\nprocess. The vulnerability was caused by improper memory management\nof a set of cloned XUL DOM elements which were linked as a parent and\nchild. After reloading the browser on a page with such linked\nelements, the browser would crash when attempting to access an object\nwhich was already destroyed. An attacker could use this crash to run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06585", "scoring_system": "epss", "scoring_elements": "0.91326", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06585", "scoring_system": "epss", "scoring_elements": "0.9134", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488287", "reference_id": "488287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775", "reference_id": "CVE-2009-0775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-08", "reference_id": "mfsa2009-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0775" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ns3-vfk2-jqbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150871?format=api", "vulnerability_id": "VCID-7qyd-jcdw-suge", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15887", "scoring_system": "epss", "scoring_elements": "0.94873", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15887", "scoring_system": "epss", "scoring_elements": "0.94882", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1828" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html", "reference_id": "OSVDB-56406;CVE-2009-1828", "reference_type": "exploit", "scores": [], "url": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt", "reference_id": "OSVDB-56406;CVE-2009-1828", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1828" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qyd-jcdw-suge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2864?format=api", "vulnerability_id": "VCID-7rwb-wtw8-wqhz", "summary": "Independent security researcher Kuza55 and\nMicrosoft security researcher Tom Gallagher reported\nthat when plugin-initiated requests receive a 307 redirect response,\nthe plugin is not notified and the request is forwarded to the new\nlocation. This is true even for cross-site redirects, so any custom\nheaders that were added as part of the initial request would be\nforwarded intact across origins. This poses a CSRF risk for web\napplications that rely on custom headers only being present in\nrequests from their own origin.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45743", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45811", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0059" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=681369", "reference_id": "681369", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059", "reference_id": "CVE-2011-0059", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10", "reference_id": "mfsa2011-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0059" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rwb-wtw8-wqhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2250?format=api", "vulnerability_id": "VCID-7tk5-9u1x-nkbj", "summary": "Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to \"top\". This can allow for possible cross-site scripting (XSS) attacks through plugins. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84241", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84264", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632", "reference_id": "877632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209", "reference_id": "CVE-2012-4209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103", "reference_id": "mfsa2012-103", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4209" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tk5-9u1x-nkbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2177?format=api", "vulnerability_id": "VCID-84nu-2fbp-qqc3", "summary": "Security researcher Evgeny Legerov of Intevydis\nreported that the WOFF decoder contains an integer overflow in a\nfont decompression routine. This flaw could result in too small a\nmemory buffer being allocated to store a downloadable font. An\nattacker could use this vulnerability to crash a victim's browser\nand execute arbitrary code on his/her system.Support for the WOFF downloadable font format\nis new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect\nproducts built on earlier versions of the Mozilla browser engine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09896", "scoring_system": "epss", "scoring_elements": "0.93146", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09896", "scoring_system": "epss", "scoring_elements": "0.93158", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1028" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566596", "reference_id": "566596", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566596" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085", "reference_id": "787085", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028", "reference_id": "CVE-2010-1028", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08", "reference_id": "mfsa2010-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1028" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84nu-2fbp-qqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2673?format=api", "vulnerability_id": "VCID-84tr-6hzu-hycc", "summary": "Mozilla contributor Masahiro Yamada reported that\ncertain invisible control characters were being decoded when displayed\nin the location bar, resulting in fewer visible characters than were\npresent in the actual location. An attacker could use this\nvulnerability to spoof the location bar and display a misleading URL\nfor their malicious web page.The initial version of this advisory incorrectly listed\nThunderbird and SeaMonkey as affected products. Firefox is the only\nproduct affected by this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.84095", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.84118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488292", "reference_id": "488292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777", "reference_id": "CVE-2009-0777", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-11", "reference_id": "mfsa2009-11", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0777" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84tr-6hzu-hycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=api", "vulnerability_id": "VCID-8611-tzyq-e7b3", "summary": "Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content. This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons.This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80075", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.801", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580", "reference_id": "586580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182", "reference_id": "CVE-2010-0182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24", "reference_id": "mfsa2010-24", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0182" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8611-tzyq-e7b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2488?format=api", "vulnerability_id": "VCID-8739-h7f2-tqe7", "summary": "Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed. The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and used in an XSS attack. This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01204", "scoring_system": "epss", "scoring_elements": "0.79273", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01204", "scoring_system": "epss", "scoring_elements": "0.79299", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4066" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463243", "reference_id": "463243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066", "reference_id": "CVE-2008-4066", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43", "reference_id": "mfsa2008-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4066" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8739-h7f2-tqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2323?format=api", "vulnerability_id": "VCID-87rg-y5r7-gfe8", "summary": "Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a\ndata: URL. In this issue, context menu functionality (\"View Image\", \"Show only this frame\", and \"View background image\") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01351", "scoring_system": "epss", "scoring_elements": "0.80429", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01351", "scoring_system": "epss", "scoring_elements": "0.80455", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840207", "reference_id": "840207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966", "reference_id": "CVE-2012-1966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-46", "reference_id": "mfsa2012-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1966" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87rg-y5r7-gfe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2904?format=api", "vulnerability_id": "VCID-892p-jjxp-b3ch", "summary": "Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81969", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.82003", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002", "reference_id": "CVE-2011-3002", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41", "reference_id": "mfsa2011-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3002" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-892p-jjxp-b3ch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2296?format=api", "vulnerability_id": "VCID-8bbr-kv7e-ubdy", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05001", "scoring_system": "epss", "scoring_elements": "0.89883", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05001", "scoring_system": "epss", "scoring_elements": "0.89899", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1954" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954", "reference_id": "CVE-2012-1954", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1954" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bbr-kv7e-ubdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2160?format=api", "vulnerability_id": "VCID-8erf-ppv3-s3hp", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04587", "scoring_system": "epss", "scoring_elements": "0.89414", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04587", "scoring_system": "epss", "scoring_elements": "0.89432", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608108", "reference_id": "608108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608108" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201", "reference_id": "CVE-2010-1201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1201" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8erf-ppv3-s3hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2192?format=api", "vulnerability_id": "VCID-8fvy-p898-quf1", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.8731", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.87332", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "reference_id": "642275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175", "reference_id": "CVE-2010-3175", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3175" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fvy-p898-quf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2189?format=api", "vulnerability_id": "VCID-8nnr-7fr7-gbc6", "summary": "phpBB developer Henry Sudhof reported that when an\nimage tag points to a resource that redirects to\na mailto: URL, the external mail handler application is\nlaunched. This issue poses no security threat to users but could\ncreate an annoyance when browsing a site that allows users to post\narbitrary images.This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.85999", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.8602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181", "reference_id": "CVE-2010-0181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23", "reference_id": "mfsa2010-23", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0181" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nnr-7fr7-gbc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2345?format=api", "vulnerability_id": "VCID-8nve-6ct9-p3hr", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84478", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84503", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964", "reference_id": "CVE-2012-3964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3964" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nve-6ct9-p3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2286?format=api", "vulnerability_id": "VCID-8p74-crdm-a3hr", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78432", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614", "reference_id": "877614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842", "reference_id": "CVE-2012-5842", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91", "reference_id": "mfsa2012-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5842" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8p74-crdm-a3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2493?format=api", "vulnerability_id": "VCID-8ruf-tyrh-wyea", "summary": "An anonymous security researcher reported via TippingPoint's Zero\nDay Initiative that insufficient checks were being performed to test\nwhether the Flash module was properly dynamically unloaded.\nThe researcher demonstrated that a SWF file which dynamically unloads\nitself from an outside JavaScript function can cause the browser to access\na memory address no longer mapped to the Flash module, resulting in a\ncrash. This crash could be used by an attacker to run arbitrary code\non a victim's computer.Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2392", "scoring_system": "epss", "scoring_elements": "0.96128", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2392", "scoring_system": "epss", "scoring_elements": "0.96133", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470867", "reference_id": "470867", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013", "reference_id": "CVE-2008-5013", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-49", "reference_id": "mfsa2008-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5013" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ruf-tyrh-wyea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2436?format=api", "vulnerability_id": "VCID-8s9w-1fdt-zqf3", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21255", "scoring_system": "epss", "scoring_elements": "0.95786", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.21255", "scoring_system": "epss", "scoring_elements": "0.95791", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470881", "reference_id": "470881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016", "reference_id": "CVE-2008-5016", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5016" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8s9w-1fdt-zqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2199?format=api", "vulnerability_id": "VCID-8th4-qk1v-m3f1", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06912", "scoring_system": "epss", "scoring_elements": "0.91555", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06912", "scoring_system": "epss", "scoring_elements": "0.91568", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415", "reference_id": "660415", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777", "reference_id": "CVE-2010-3777", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3777" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8th4-qk1v-m3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118753?format=api", "vulnerability_id": "VCID-8tqt-thhv-puhw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10859", "scoring_system": "epss", "scoring_elements": "0.9351", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10859", "scoring_system": "epss", "scoring_elements": "0.93521", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html", "reference_id": "OSVDB-52657;CVE-2009-0071", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0071" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tqt-thhv-puhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2682?format=api", "vulnerability_id": "VCID-8w8b-971x-aqhb", "summary": "Mozilla security researcher moz_bug_r_a4 reported\na series of vulnerabilities in which objects that normally receive\na XPCCrossOriginWrapper are constructed without the\nwrapper. This can lead to cases where JavaScript from one website may\nunsafely access properties of such an object which had been set by a\ndifferent website. A malicious website could use this vulnerability\nto launch a XSS attack and run arbitrary JavaScript within the context\nof another site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72435", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2472" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512147", "reference_id": "512147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472", "reference_id": "CVE-2009-2472", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-40", "reference_id": "mfsa2009-40", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2472" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8w8b-971x-aqhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2283?format=api", "vulnerability_id": "VCID-8wdc-cdyz-9qea", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97988", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188", "reference_id": "CVE-2012-4188", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4188" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wdc-cdyz-9qea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2245?format=api", "vulnerability_id": "VCID-8xap-v6vg-vyaq", "summary": "Bugzilla developer Frédéric Buclin reported that the\n\"X-Frame-Options header is ignored when the value is duplicated,\nfor example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This\nduplication occurs for unknown reasons on some websites and when it occurs\nresults in Mozilla browsers not being protected against possible clickjacking\nattacks on those pages", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01172", "scoring_system": "epss", "scoring_elements": "0.79024", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01172", "scoring_system": "epss", "scoring_elements": "0.79051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214", "reference_id": "840214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961", "reference_id": "CVE-2012-1961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51", "reference_id": "mfsa2012-51", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1961" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xap-v6vg-vyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2832?format=api", "vulnerability_id": "VCID-8zvx-szzh-cubm", "summary": "Yosuke Hasegawa reported that the Mozilla browser engine\nmishandled invalid sequences in the Shift-JIS encoding. When encountering an\ninvalid pair Mozilla would turn the entire two-byte sequence into a single\nunknown character rather than an unknown character followed by a valid\nsingle-byte character. On some sites attackers may have been able to\nend their input with the first byte of a two byte sequence; when that\ninput was later put into a page context it might cause the following\ndelimiter (such as a double-quote) to be consumed, breaking the format\nof the page. Depending on the page this could potentially be used to\nsteal data or inject script into the page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56878", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751932", "reference_id": "751932", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648", "reference_id": "CVE-2011-3648", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-47", "reference_id": "mfsa2011-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1438", "reference_id": "RHSA-2011:1438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1440", "reference_id": "RHSA-2011:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1440" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3648" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zvx-szzh-cubm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2333?format=api", "vulnerability_id": "VCID-913y-fp3u-dqd2", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04246", "scoring_system": "epss", "scoring_elements": "0.88978", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04246", "scoring_system": "epss", "scoring_elements": "0.88995", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973", "reference_id": "CVE-2012-1973", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1973" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-913y-fp3u-dqd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2846?format=api", "vulnerability_id": "VCID-962z-cq1v-jqg3", "summary": "Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4202", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42094", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001", "reference_id": "CVE-2011-3001", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40", "reference_id": "mfsa2011-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3001" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-962z-cq1v-jqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2183?format=api", "vulnerability_id": "VCID-9b97-rcfn-fyhh", "summary": "Security researcher Alexander Miller reported that\npassing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22551", "scoring_system": "epss", "scoring_elements": "0.9595", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.22551", "scoring_system": "epss", "scoring_elements": "0.95955", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "reference_id": "642277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179", "reference_id": "CVE-2010-3179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html", "reference_id": "CVE-2010-3179;OSVDB-68850", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html" }, { "reference_url": "https://www.securityfocus.com/bid/44247/info", "reference_id": "CVE-2010-3179;OSVDB-68850", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/44247/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-65", "reference_id": "mfsa2010-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3179" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9b97-rcfn-fyhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2176?format=api", "vulnerability_id": "VCID-9d6f-k4cg-57gt", "summary": "Google security researcher Chris Evans reported\nthat data can be read across domains by injecting bogus CSS selectors\ninto a target site and then retrieving the data using JavaScript APIs.\nIf an attacker can inject opening and closing portions of a CSS\nselector into points A and B of a target page, then the region between\nthe two injection points becomes readable to JavaScript through, for\nexample, the getComputedStyle() API.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72472", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72514", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=568231", "reference_id": "568231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654", "reference_id": "CVE-2010-0654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46", "reference_id": "mfsa2010-46", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0654" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d6f-k4cg-57gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2438?format=api", "vulnerability_id": "VCID-9hn6-ug7p-akc9", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20193", "scoring_system": "epss", "scoring_elements": "0.95617", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20193", "scoring_system": "epss", "scoring_elements": "0.95623", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470884", "reference_id": "470884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018", "reference_id": "CVE-2008-5018", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5018" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hn6-ug7p-akc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2471?format=api", "vulnerability_id": "VCID-9hzm-uexa-n7gc", "summary": "ling and wushi of team509, via\nTippingPoint's Zero Day Initiative program, reported a flaw in part of\nMozilla's DOM constructing code. This vulnerability can be exploited\nby modifying certain properties of a file input element before it has\nfinished initializing. When the blur method of the\nmodified input element is called, uninitialized memory is accessed by\nthe browser, resulting in a crash. This crash may be used by an\nattacker to run arbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23762", "scoring_system": "epss", "scoring_elements": "0.96105", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23762", "scoring_system": "epss", "scoring_elements": "0.9611", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470894", "reference_id": "470894", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021", "reference_id": "CVE-2008-5021", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55", "reference_id": "mfsa2008-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5021" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzm-uexa-n7gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116610?format=api", "vulnerability_id": "VCID-9jbk-g322-zfbj", "summary": "firefox 3.5 various flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11193", "scoring_system": "epss", "scoring_elements": "0.93639", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11193", "scoring_system": "epss", "scoring_elements": "0.93649", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html", "reference_id": "OSVDB-55931;CVE-2009-2479", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2479" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jbk-g322-zfbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2669?format=api", "vulnerability_id": "VCID-9kfx-ukhq-hbee", "summary": "Web developer Cefn Hoile reported that sites which\nallow users to embed third-party stylesheets are vulnerable to script\ninjection attacks using XBL bindings. While this behavior was\ndocumented previously, it was determined that this particular risk was\nnot well-understood by some websites. To mitigate this risk Mozilla\nadded a restriction that requires XBL bindings to come from the same\norigin as the bound document.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78376", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78403", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1308" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266", "reference_id": "496266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308", "reference_id": "CVE-2009-1308", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-18", "reference_id": "mfsa2009-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1308" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kfx-ukhq-hbee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2378?format=api", "vulnerability_id": "VCID-9kga-83c7-q3g5", "summary": "Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the \"~\" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79904", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629", "reference_id": "877629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207", "reference_id": "CVE-2012-4207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101", "reference_id": "mfsa2012-101", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4207" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kga-83c7-q3g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116627?format=api", "vulnerability_id": "VCID-9ktj-zqhz-cbac", "summary": "Thunderbird mail crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05533", "scoring_system": "epss", "scoring_elements": "0.90417", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05533", "scoring_system": "epss", "scoring_elements": "0.90432", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812", "reference_id": "507812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1134", "reference_id": "RHSA-2009:1134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2210" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ktj-zqhz-cbac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2838?format=api", "vulnerability_id": "VCID-9nau-7u2c-x7e7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04955", "scoring_system": "epss", "scoring_elements": "0.89834", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04955", "scoring_system": "epss", "scoring_elements": "0.8985", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2378" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730521", "reference_id": "730521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378", "reference_id": "CVE-2011-2378", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2378" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nau-7u2c-x7e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2406?format=api", "vulnerability_id": "VCID-9q39-smj2-gyee", "summary": "Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01381", "scoring_system": "epss", "scoring_elements": "0.80618", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01381", "scoring_system": "epss", "scoring_elements": "0.80645", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877617", "reference_id": "877617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836", "reference_id": "CVE-2012-5836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94", "reference_id": "mfsa2012-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5836" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9q39-smj2-gyee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2687?format=api", "vulnerability_id": "VCID-9stf-3cns-4fcz", "summary": "Security researcher Gregory Fleischer reported\nthat when an Adobe Flash file is loaded via\nthe view-source: scheme, the Flash plugin misinterprets\nthe origin of the content as localhost, leading to two specific\nvulnerabilities:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01373", "scoring_system": "epss", "scoring_elements": "0.80571", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01373", "scoring_system": "epss", "scoring_elements": "0.80598", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263", "reference_id": "496263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307", "reference_id": "CVE-2009-1307", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-17", "reference_id": "mfsa2009-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1307" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9stf-3cns-4fcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2831?format=api", "vulnerability_id": "VCID-9u32-fj4a-hffq", "summary": "Security researcher Martin Barbella reported that\nunder certain conditions, viewing a XUL document while JavaScript was\ndisabled caused deleted memory to be accessed. This flaw could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.XUL document support was disabled by default in\nFirefox 4 and SeaMonkey 2.1 and users of those versions are not generally\nat risk. It is possible for add-ons to re-enable the feature for specific\nsites (for example, to support a legacy intranet XUL application) which would\nhave introduced this vulnerability while browsing those sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03792", "scoring_system": "epss", "scoring_elements": "0.88284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03792", "scoring_system": "epss", "scoring_elements": "0.88303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2373" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714577", "reference_id": "714577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373", "reference_id": "CVE-2011-2373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20", "reference_id": "mfsa2011-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2373" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-fj4a-hffq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2209?format=api", "vulnerability_id": "VCID-9uc4-jfm8-jybw", "summary": "Security researcher Eduardo Vela Nava reported that\nif a web page opened a new window and used a javascript: URL to make a\nmodal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another web site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.75323", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.75352", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "reference_id": "642294", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178", "reference_id": "CVE-2010-3178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-69", "reference_id": "mfsa2010-69", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3178" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uc4-jfm8-jybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2415?format=api", "vulnerability_id": "VCID-a1cw-ujv7-gka5", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nan additional variation on the feed preview vulnerabilities\nfixed in Firefox 2.0.0.17.\nmoz_bug_r_a4 demonstrated that it was still possible to\nuse the feed preview as a vector for JavaScript privilege escalation.\nAn attacker could use this issue to run arbitrary JavaScript with\nchrome privileges.Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87142", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87164", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5504" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476273", "reference_id": "476273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504", "reference_id": "CVE-2008-5504", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-62", "reference_id": "mfsa2008-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5504" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1cw-ujv7-gka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2881?format=api", "vulnerability_id": "VCID-a391-hcqz-p3ax", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83259", "scoring_system": "epss", "scoring_elements": "0.99284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.83259", "scoring_system": "epss", "scoring_elements": "0.99285", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658", "reference_id": "700658", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065", "reference_id": "CVE-2011-0065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0065" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a391-hcqz-p3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2384?format=api", "vulnerability_id": "VCID-a3yp-gt8d-9qaw", "summary": "Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. \nAdditional vulnerable DLL file names were found and fixed in Firefox 18.0, Firefox ESR 17.0.1, and Firefox ESR 10.0.12 releases.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37377", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37468", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206", "reference_id": "CVE-2012-4206", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98", "reference_id": "mfsa2012-98", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4206" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yp-gt8d-9qaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2236?format=api", "vulnerability_id": "VCID-a6qz-skp8-23d9", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\narbitrary code execution attack using a javascript: URL. The Gecko\nengine features a JavaScript sandbox utility that allows the browser or add-ons\nto safely execute script in the context of a web page. In certain cases,\njavascript: URLs are executed in such a sandbox with insufficient\ncontext that can allow those scripts to escape from the sandbox and run with\nelevated privilege. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03399", "scoring_system": "epss", "scoring_elements": "0.87631", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03399", "scoring_system": "epss", "scoring_elements": "0.87653", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259", "reference_id": "840259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967", "reference_id": "CVE-2012-1967", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56", "reference_id": "mfsa2012-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1967" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6qz-skp8-23d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2489?format=api", "vulnerability_id": "VCID-a7t4-4g1x-guhw", "summary": "Mozilla developer Jesse Ruderman demonstrated that\nby tampering with the window.__proto__.__proto__ object,\none can cause the browser to place a lock on a non-native object,\nleading to a crash. Although we have not demonstrated such control, a\ndetermined attacker might be able to exploit this crash to run\narbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25205", "scoring_system": "epss", "scoring_elements": "0.96295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.25205", "scoring_system": "epss", "scoring_elements": "0.963", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5014" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470873", "reference_id": "470873", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014", "reference_id": "CVE-2008-5014", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50", "reference_id": "mfsa2008-50", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5014" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7t4-4g1x-guhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2592?format=api", "vulnerability_id": "VCID-a81r-cxqq-vqf6", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0345", "scoring_system": "epss", "scoring_elements": "0.8773", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0345", "scoring_system": "epss", "scoring_elements": "0.87751", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128", "reference_id": "512128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462", "reference_id": "CVE-2009-2462", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2462" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a81r-cxqq-vqf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2895?format=api", "vulnerability_id": "VCID-a9m3-2rfb-97cg", "summary": "Security researcher Jordi Chancel reported that a\nJPEG image could be constructed that would be decoded incorrectly,\ncausing data to be written past the end of a buffer created to store\nthe image. An attacker could potentially craft such an image that\nwould cause malicious code to be stored in memory and then later\nexecuted on a victim's computer.Firefox 3.5 was not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03978", "scoring_system": "epss", "scoring_elements": "0.88606", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03978", "scoring_system": "epss", "scoring_elements": "0.88624", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675095", "reference_id": "675095", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061", "reference_id": "CVE-2011-0061", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-09", "reference_id": "mfsa2011-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0061" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9m3-2rfb-97cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2830?format=api", "vulnerability_id": "VCID-acdp-mkw5-nkcc", "summary": "Alex Miller reported that when very long strings\nwere constructed and inserted into an HTML document, the browser would\nincorrectly construct the layout objects used to display the text.\nUnder such conditions an incorrect length would be calculated for a\ntext run resulting in too small of a memory buffer being allocated to\nstore the text. This issue could be used by an attacker to write data\npast the end of the buffer and execute malicious code on a victim's\ncomputer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07784", "scoring_system": "epss", "scoring_elements": "0.92109", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07784", "scoring_system": "epss", "scoring_elements": "0.92121", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675143", "reference_id": "675143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058", "reference_id": "CVE-2011-0058", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07", "reference_id": "mfsa2011-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0058" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acdp-mkw5-nkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2398?format=api", "vulnerability_id": "VCID-aegd-w8q3-9ket", "summary": "Anne van Kesteren of Opera Software found a \nmulti-octet encoding issue where certain octets will destroy the following\noctets in the processing of some multibyte character sets. This can leave users\nvulnerable to cross-site scripting (XSS) attacks on maliciously crafted web\npages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72885", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815021", "reference_id": "815021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471", "reference_id": "CVE-2012-0471", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-24", "reference_id": "mfsa2012-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0471" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aegd-w8q3-9ket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151058?format=api", "vulnerability_id": "VCID-aekn-dts5-2yfw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53568", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53627", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2065" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2065" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aekn-dts5-2yfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2362?format=api", "vulnerability_id": "VCID-af68-fxsm-1kbn", "summary": "Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87809", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87831", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615", "reference_id": "877615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202", "reference_id": "CVE-2012-4202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92", "reference_id": "mfsa2012-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4202" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-af68-fxsm-1kbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2148?format=api", "vulnerability_id": "VCID-afs1-nyna-2khz", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03657", "scoring_system": "epss", "scoring_elements": "0.88103", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04086", "scoring_system": "epss", "scoring_elements": "0.88769", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615466", "reference_id": "615466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753", "reference_id": "CVE-2010-2753", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40", "reference_id": "mfsa2010-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54", "reference_id": "mfsa2010-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2753" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afs1-nyna-2khz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2147?format=api", "vulnerability_id": "VCID-ag56-4pye-f7e5", "summary": "Mozilla developer Josh Soref of Nokia reported that\ndocuments failed to call certain security checks when attempting to\npreload images. Although the image content is not available to the page, it\nis possible to specify protocols that are normally not allowed in a web page\nsuch as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something like a\nCross-Site Request Forgery (CSRF) attack against the add-on. Potential severity\nwould depend on the add-ons installed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12288", "scoring_system": "epss", "scoring_elements": "0.93994", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12288", "scoring_system": "epss", "scoring_elements": "0.94002", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168", "reference_id": "CVE-2010-0168", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html", "reference_id": "CVE-2010-0168;OSVDB-63269", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html" }, { "reference_url": "https://www.securityfocus.com/bid/38927/info", "reference_id": "CVE-2010-0168;OSVDB-63269", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38927/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13", "reference_id": "mfsa2010-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0168" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ag56-4pye-f7e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2179?format=api", "vulnerability_id": "VCID-aj2z-mctb-jke9", "summary": "Security researcher Hidetake Jo of Microsoft\nVulnerability Research reported that the properties set on an object\npassed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain. This is a violation of the same-origin policy and could\nresult in a website running untrusted JavaScript if it assumed\nthe dialogArguments could not be initialized by another\nsite.An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60914", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60963", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566051", "reference_id": "566051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988", "reference_id": "CVE-2009-3988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04", "reference_id": "mfsa2010-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3988" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aj2z-mctb-jke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2896?format=api", "vulnerability_id": "VCID-akcd-7vmy-2ubj", "summary": "Security researcher Zach Hoffman reported that a\nrecursive call to eval() wrapped in\na try/catch statement places the browser into a\ninconsistent state. Any dialog box opened in this state is displayed\nwithout text and with non-functioning buttons. Closing the window\ncauses the dialog to evaluate to true. An attacker could use this\nissue to force a user into accepting any dialog, such as one granting\nelevated privileges to the page presenting the dialog.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76747", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76779", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675087", "reference_id": "675087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051", "reference_id": "CVE-2011-0051", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02", "reference_id": "mfsa2011-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0312", "reference_id": "RHSA-2011:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0051" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akcd-7vmy-2ubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2834?format=api", "vulnerability_id": "VCID-apmt-rypt-jqej", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02496", "scoring_system": "epss", "scoring_elements": "0.85596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02496", "scoring_system": "epss", "scoring_elements": "0.85618", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730518", "reference_id": "730518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982", "reference_id": "CVE-2011-2982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1165", "reference_id": "RHSA-2011:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1167", "reference_id": "RHSA-2011:1167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1167" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2982" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apmt-rypt-jqej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2899?format=api", "vulnerability_id": "VCID-aptj-btqv-2ygb", "summary": "Security researcher Roberto Suggi Liverani\nreported that ParanoidFragmentSink, a class used to\nsanitize potentially unsafe HTML for display,\nallows javascript: URLs and other inline JavaScript when\nthe embedding document is a chrome document. While there are no\nunsafe uses of this class in any released products, extension code\ncould have potentially used it in an unsafe manner.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01466", "scoring_system": "epss", "scoring_elements": "0.8123", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01466", "scoring_system": "epss", "scoring_elements": "0.81258", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675094", "reference_id": "675094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585", "reference_id": "CVE-2010-1585", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08", "reference_id": "mfsa2011-08", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1585" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aptj-btqv-2ygb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2889?format=api", "vulnerability_id": "VCID-aqsc-b3nk-9kb4", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal mapping of string values contained an\nerror in cases where the number of values being stored was above 64K.\nIn such cases an offset pointer was manually moved forwards and\nbackwards to access the larger address space. If an exception was\nthrown between the time that the offset pointer was moved forward and\nthe time it was reset, then the exception object would be read from an\ninvalid memory address, potentially executing attacker-controlled\nmemory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92837", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0056" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675092", "reference_id": "675092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056", "reference_id": "CVE-2011-0056", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05", "reference_id": "mfsa2011-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0056" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqsc-b3nk-9kb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2594?format=api", "vulnerability_id": "VCID-as3a-uscx-c3bb", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03426", "scoring_system": "epss", "scoring_elements": "0.8768", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03426", "scoring_system": "epss", "scoring_elements": "0.87701", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512135", "reference_id": "512135", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465", "reference_id": "CVE-2009-2465", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2465" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-as3a-uscx-c3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2393?format=api", "vulnerability_id": "VCID-atr8-vv1p-2ffp", "summary": "Mozilla security researcher Mark Goodwin discovered an issue\nwith the Firefox developer tools' debugger. If remote debugging is disabled, but\nthe experimental HTTPMonitor extension has been installed and enabled, a remote\nuser can connect to and use the remote debugging service through the port used\nby HTTPMonitor. A remote-enabled flag has been added to resolve\nthis problem and close the port unless debugging is explicitly enabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03046", "scoring_system": "epss", "scoring_elements": "0.86934", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03046", "scoring_system": "epss", "scoring_elements": "0.86957", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851925", "reference_id": "851925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973", "reference_id": "CVE-2012-3973", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-66", "reference_id": "mfsa2012-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-66" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3973" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atr8-vv1p-2ffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=api", "vulnerability_id": "VCID-atus-ryef-17h1", "summary": "Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue. Firefox 3 does not contain the fix for this issue.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "reference_url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "reference_url": "http://blogs.iss.net/archive/sslmitmiscsrf.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "reference_url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "reference_url": "http://clicky.me/tlsvuln", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://clicky.me/tlsvuln" }, { "reference_url": "http://extendedsubset.com/?p=8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://extendedsubset.com/?p=8" }, { "reference_url": "http://extendedsubset.com/Renegotiating_TLS.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "reference_url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "reference_url": "http://kbase.redhat.com/faq/docs/DOC-20491", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "reference_url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "reference_url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" }, { "reference_url": "http://marc.info/?l=cryptography&m=125752275331877&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=cryptography&m=125752275331877&w=2" }, { "reference_url": "http://openbsd.org/errata45.html#010_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "reference_url": "http://openbsd.org/errata46.html#004_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1579", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1580", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1694", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0165", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0337", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0338", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0339", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0440", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0768", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0770", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0786", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0786" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0807", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0986", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0987", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2011:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1591", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1591" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03741", "scoring_system": "epss", "scoring_elements": "0.88216", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03741", "scoring_system": "epss", "scoring_elements": "0.88235", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "reference_url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "reference_url": "http://seclists.org/fulldisclosure/2009/Nov/139", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200912-01.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201203-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5" }, { "reference_url": "https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d" }, { "reference_url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3" }, { "reference_url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701" }, { "reference_url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02" }, { "reference_url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3" }, { "reference_url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d" }, { "reference_url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366" }, { "reference_url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "reference_url": "https://kb.bluecoat.com/index?page=content&id=SA50", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://kb.bluecoat.com/index?page=content&id=SA50" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446" }, { "reference_url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.cve-2009-3555.txt" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535" }, { "reference_url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "reference_url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "reference_url": "https://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-5.html" }, { "reference_url": "https://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-6.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "reference_url": "http://support.apple.com/kb/HT4004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4004" }, { "reference_url": "http://support.apple.com/kb/HT4170", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4170" }, { "reference_url": "http://support.apple.com/kb/HT4171", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4171" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100070150", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100081611", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114315", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114327", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "reference_url": "http://support.citrix.com/article/CTX123359", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.citrix.com/article/CTX123359" }, { "reference_url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "reference_url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "reference_url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "reference_url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "reference_url": "http://ubuntu.com/usn/usn-923-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "reference_url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "reference_url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only" }, { "reference_url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "reference_url": "http://www.betanews.com/article/1257452450", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.betanews.com/article/1257452450" }, { "reference_url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2141", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3253", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "reference_url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "reference_url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "reference_url": "http://www.ingate.com/Relnote.php?ver=481", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "reference_url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "reference_url": "http://www.kb.cert.org/vuls/id/120541", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "reference_url": "http://www.links.org/?p=780", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=780" }, { "reference_url": "http://www.links.org/?p=786", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=786" }, { "reference_url": "http://www.links.org/?p=789", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=789" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "reference_url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "reference_url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "reference_url": "http://www.openssl.org/news/secadv_20091111.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/07/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/23/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "reference_url": "http://www.opera.com/docs/changelogs/unix/1060", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/docs/changelogs/unix/1060" }, { "reference_url": "http://www.opera.com/support/search/view/944", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/support/search/view/944" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "reference_url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "reference_url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "reference_url": "http://www.tombom.co.uk/blog/?p=85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1010-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "reference_url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0032", "reference_id": "0032", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0033", "reference_id": "0033", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0086", "reference_id": "0086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0086", "reference_id": "0086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0173", "reference_id": "0173", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0748", "reference_id": "0748", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0848", "reference_id": "0848", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0916", "reference_id": "0916", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0933", "reference_id": "0933", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0982", "reference_id": "0982", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0994", "reference_id": "0994", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1054", "reference_id": "1054", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "reference_url": "http://www.opera.com/docs/changelogs/unix/1060/", "reference_id": "1060", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1191", "reference_id": "1191", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1350", "reference_id": "1350", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1639", "reference_id": "1639", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1673", "reference_id": "1673", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1793", "reference_id": "1793", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2010", "reference_id": "2010", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2745", "reference_id": "2745", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3069", "reference_id": "3069", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3086", "reference_id": "3086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3126", "reference_id": "3126", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3164", "reference_id": "3164", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3165", "reference_id": "3165", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3205", "reference_id": "3205", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3220", "reference_id": "3220", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3310", "reference_id": "3310", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3313", "reference_id": "3313", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3353", "reference_id": "3353", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3354", "reference_id": "3354", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3484", "reference_id": "3484", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3521", "reference_id": "3521", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3587", "reference_id": "3587", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "reference_url": "http://www.securityfocus.com/bid/36935", "reference_id": "36935", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/bid/36935" }, { "reference_url": "http://secunia.com/advisories/37291", "reference_id": "37291", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37291" }, { "reference_url": "http://secunia.com/advisories/37292", "reference_id": "37292", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37292" }, { "reference_url": "http://secunia.com/advisories/37320", "reference_id": "37320", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37320" }, { "reference_url": "http://secunia.com/advisories/37383", "reference_id": "37383", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37383" }, { "reference_url": "http://secunia.com/advisories/37399", "reference_id": "37399", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37399" }, { "reference_url": "http://secunia.com/advisories/37453", "reference_id": "37453", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37453" }, { "reference_url": "http://secunia.com/advisories/37501", "reference_id": "37501", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37501" }, { "reference_url": "http://secunia.com/advisories/37504", "reference_id": "37504", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37504" }, { "reference_url": "http://secunia.com/advisories/37604", "reference_id": "37604", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37604" }, { "reference_url": "http://secunia.com/advisories/37640", "reference_id": "37640", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37640" }, { "reference_url": "http://secunia.com/advisories/37656", "reference_id": "37656", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37656" }, { "reference_url": "http://secunia.com/advisories/37675", "reference_id": "37675", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37675" }, { "reference_url": "http://secunia.com/advisories/37859", "reference_id": "37859", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37859" }, { "reference_url": "http://secunia.com/advisories/38003", "reference_id": "38003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38003" }, { "reference_url": "http://secunia.com/advisories/38020", "reference_id": "38020", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38020" }, { "reference_url": "http://secunia.com/advisories/38056", "reference_id": "38056", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38056" }, { "reference_url": "http://secunia.com/advisories/38241", "reference_id": "38241", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38241" }, { "reference_url": "http://secunia.com/advisories/38484", "reference_id": "38484", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38484" }, { "reference_url": "http://secunia.com/advisories/38687", "reference_id": "38687", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38687" }, { "reference_url": "http://secunia.com/advisories/38781", "reference_id": "38781", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38781" }, { "reference_url": "http://secunia.com/advisories/39127", "reference_id": "39127", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39127" }, { "reference_url": "http://secunia.com/advisories/39136", "reference_id": "39136", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39136" }, { "reference_url": "http://secunia.com/advisories/39242", "reference_id": "39242", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39242" }, { "reference_url": "http://secunia.com/advisories/39243", "reference_id": "39243", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39243" }, { "reference_url": "http://secunia.com/advisories/39278", "reference_id": "39278", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39278" }, { "reference_url": "http://secunia.com/advisories/39292", "reference_id": "39292", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39292" }, { "reference_url": "http://secunia.com/advisories/39317", "reference_id": "39317", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39317" }, { "reference_url": "http://secunia.com/advisories/39461", "reference_id": "39461", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39461" }, { "reference_url": "http://secunia.com/advisories/39500", "reference_id": "39500", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39500" }, { "reference_url": "http://secunia.com/advisories/39628", "reference_id": "39628", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39628" }, { "reference_url": "http://secunia.com/advisories/39632", "reference_id": "39632", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39632" }, { "reference_url": "http://secunia.com/advisories/39713", "reference_id": "39713", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39713" }, { "reference_url": "http://secunia.com/advisories/39819", "reference_id": "39819", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39819" }, { "reference_url": "http://secunia.com/advisories/40070", "reference_id": "40070", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40070" }, { "reference_url": "http://secunia.com/advisories/40545", "reference_id": "40545", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40545" }, { "reference_url": "http://secunia.com/advisories/40747", "reference_id": "40747", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40747" }, { "reference_url": "http://secunia.com/advisories/40866", "reference_id": "40866", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40866" }, { "reference_url": "http://secunia.com/advisories/41480", "reference_id": "41480", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41480" }, { "reference_url": "http://secunia.com/advisories/41490", "reference_id": "41490", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41490" }, { "reference_url": "http://secunia.com/advisories/41818", "reference_id": "41818", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41818" }, { "reference_url": "http://secunia.com/advisories/41967", "reference_id": "41967", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41967" }, { "reference_url": "http://secunia.com/advisories/41972", "reference_id": "41972", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41972" }, { "reference_url": "http://secunia.com/advisories/42377", "reference_id": "42377", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42377" }, { "reference_url": "http://secunia.com/advisories/42379", "reference_id": "42379", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42379" }, { "reference_url": "http://secunia.com/advisories/42467", "reference_id": "42467", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42467" }, { "reference_url": "http://secunia.com/advisories/42724", "reference_id": "42724", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42724" }, { "reference_url": "http://secunia.com/advisories/42733", "reference_id": "42733", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42733" }, { "reference_url": "http://secunia.com/advisories/42808", "reference_id": "42808", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42808" }, { "reference_url": "http://secunia.com/advisories/42811", "reference_id": "42811", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42811" }, { "reference_url": "http://secunia.com/advisories/42816", "reference_id": "42816", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42816" }, { "reference_url": "http://secunia.com/advisories/43308", "reference_id": "43308", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/43308" }, { "reference_url": "http://secunia.com/advisories/44954", "reference_id": "44954", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/44954" }, { "reference_url": "http://secunia.com/advisories/48577", "reference_id": "48577", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/48577" }, { "reference_url": "http://www.securityfocus.com/archive/1/522176", "reference_id": "522176", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "reference_url": "http://osvdb.org/60521", "reference_id": "60521", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/60521" }, { "reference_url": "http://osvdb.org/60972", "reference_id": "60972", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/60972" }, { "reference_url": "http://osvdb.org/62210", "reference_id": "62210", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/62210" }, { "reference_url": "http://osvdb.org/65202", "reference_id": "65202", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/65202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649", "reference_id": "765649", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649" }, { "reference_url": "http://www.opera.com/support/search/view/944/", "reference_id": "944", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.opera.com/support/search/view/944/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555", "reference_id": "CVE-2009-3555", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py", "reference_id": "CVE-2009-3555", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "reference_id": "CVE-2009-3555", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35888/info", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35888/info" }, { "reference_url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E", "reference_id": "f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6", "reference_id": "GHSA-f7w7-6pjc-wwm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6" }, { "reference_url": "https://security.gentoo.org/glsa/200912-01", "reference_id": "GLSA-200912-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-01" }, { "reference_url": "https://security.gentoo.org/glsa/201006-18", "reference_id": "GLSA-201006-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201006-18" }, { "reference_url": "https://security.gentoo.org/glsa/201110-05", "reference_id": "GLSA-201110-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-05" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" }, { "reference_url": "https://security.gentoo.org/glsa/201206-18", "reference_id": "GLSA-201206-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-18" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201309-15", "reference_id": "GLSA-201309-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-15" }, { "reference_url": "https://security.gentoo.org/glsa/201311-13", "reference_id": "GLSA-201311-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-13" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "http://securitytracker.com/id?1023148", "reference_id": "id?1023148", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://securitytracker.com/id?1023148" }, { "reference_url": "http://www.securitytracker.com/id?1023163", "reference_id": "id?1023163", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023163" }, { "reference_url": "http://www.securitytracker.com/id?1023204", "reference_id": "id?1023204", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023204" }, { "reference_url": "http://www.securitytracker.com/id?1023205", "reference_id": "id?1023205", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023205" }, { "reference_url": "http://www.securitytracker.com/id?1023206", "reference_id": "id?1023206", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023206" }, { "reference_url": "http://www.securitytracker.com/id?1023207", "reference_id": "id?1023207", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023207" }, { "reference_url": "http://www.securitytracker.com/id?1023208", "reference_id": "id?1023208", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023208" }, { "reference_url": "http://www.securitytracker.com/id?1023209", "reference_id": "id?1023209", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023209" }, { "reference_url": "http://www.securitytracker.com/id?1023210", "reference_id": "id?1023210", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023210" }, { "reference_url": "http://www.securitytracker.com/id?1023211", "reference_id": "id?1023211", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023211" }, { "reference_url": "http://www.securitytracker.com/id?1023212", "reference_id": "id?1023212", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023212" }, { "reference_url": "http://www.securitytracker.com/id?1023213", "reference_id": "id?1023213", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023213" }, { "reference_url": "http://www.securitytracker.com/id?1023214", "reference_id": "id?1023214", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023214" }, { "reference_url": "http://www.securitytracker.com/id?1023215", "reference_id": "id?1023215", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023215" }, { "reference_url": "http://www.securitytracker.com/id?1023216", "reference_id": "id?1023216", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023216" }, { "reference_url": "http://www.securitytracker.com/id?1023217", "reference_id": "id?1023217", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023217" }, { "reference_url": "http://www.securitytracker.com/id?1023218", "reference_id": "id?1023218", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023218" }, { "reference_url": "http://www.securitytracker.com/id?1023219", "reference_id": "id?1023219", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023219" }, { "reference_url": "http://www.securitytracker.com/id?1023224", "reference_id": "id?1023224", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023224" }, { "reference_url": "http://www.securitytracker.com/id?1023243", "reference_id": "id?1023243", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023243" }, { "reference_url": "http://www.securitytracker.com/id?1023270", "reference_id": "id?1023270", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023270" }, { "reference_url": "http://www.securitytracker.com/id?1023271", "reference_id": "id?1023271", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023271" }, { "reference_url": "http://www.securitytracker.com/id?1023272", "reference_id": "id?1023272", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023272" }, { "reference_url": "http://www.securitytracker.com/id?1023273", "reference_id": "id?1023273", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023273" }, { "reference_url": "http://www.securitytracker.com/id?1023274", "reference_id": "id?1023274", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023274" }, { "reference_url": "http://www.securitytracker.com/id?1023275", "reference_id": "id?1023275", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023275" }, { "reference_url": "http://www.securitytracker.com/id?1023411", "reference_id": "id?1023411", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023411" }, { "reference_url": "http://www.securitytracker.com/id?1023426", "reference_id": "id?1023426", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023426" }, { "reference_url": "http://www.securitytracker.com/id?1023427", "reference_id": "id?1023427", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023427" }, { "reference_url": "http://www.securitytracker.com/id?1023428", "reference_id": "id?1023428", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023428" }, { "reference_url": "http://www.securitytracker.com/id?1024789", "reference_id": "id?1024789", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1024789" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22", "reference_id": "mfsa2010-22", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A10088", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A11578", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A11617", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7315", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7478", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7973", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A8366", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A8535", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "reference_url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", "reference_id": "plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "reference_url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E", "reference_id": "re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/1010-1/", "reference_id": "USN-1010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1010-1/" }, { "reference_url": "https://usn.ubuntu.com/860-1/", "reference_id": "USN-860-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/860-1/" }, { "reference_url": "https://usn.ubuntu.com/923-1/", "reference_id": "USN-923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/923-1/" }, { "reference_url": "https://usn.ubuntu.com/927-1/", "reference_id": "USN-927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-1/" }, { "reference_url": "https://usn.ubuntu.com/927-4/", "reference_id": "USN-927-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-4/" }, { "reference_url": "https://usn.ubuntu.com/927-6/", "reference_id": "USN-927-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-6/" }, { "reference_url": "https://usn.ubuntu.com/990-1/", "reference_id": "USN-990-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-1/" }, { "reference_url": "https://usn.ubuntu.com/990-2/", "reference_id": "USN-990-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3555", "GHSA-f7w7-6pjc-wwm6", "VU#120541" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2367?format=api", "vulnerability_id": "VCID-avt8-7dua-tyey", "summary": "For historical reasons Firefox has been generous in its interpretation of web\naddresses containing square brackets around the host. If this host was not a\nvalid IPv6 literal address, Firefox attempted to interpret the host as a regular\ndomain name. Gregory Fleischer reported that requests made\nusing IPv6 syntax using XMLHttpRequest objects through a proxy may generate\nerrors depending on proxy configuration for IPv6. The resulting error messages\nfrom the proxy may disclose sensitive data because Same-Origin Policy (SOP) will\nallow the XMLHttpRequest object to read these error messages, allowing user\nprivacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that\nmay break links written using the non-standard Firefox-only forms that were\npreviously accepted.\nThis was fixed previously for Firefox 7.0, Thunderbird 7.0, and\nSeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during\n2012.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72943", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.7298", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785464", "reference_id": "785464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670", "reference_id": "CVE-2011-3670", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-02", "reference_id": "mfsa2012-02", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0084", "reference_id": "RHSA-2012:0084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0085", "reference_id": "RHSA-2012:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0085" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3670" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avt8-7dua-tyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2349?format=api", "vulnerability_id": "VCID-b3f8-xs54-x3hm", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02146", "scoring_system": "epss", "scoring_elements": "0.84545", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02146", "scoring_system": "epss", "scoring_elements": "0.84569", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851908", "reference_id": "851908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971", "reference_id": "CVE-2012-1971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1971" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3f8-xs54-x3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2132?format=api", "vulnerability_id": "VCID-b5d8-xmt5-n3fk", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. This reference could subsequently be accessed, potentially\ncausing the execution of attacker controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01551", "scoring_system": "epss", "scoring_elements": "0.81748", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01551", "scoring_system": "epss", "scoring_elements": "0.81783", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615458", "reference_id": "615458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208", "reference_id": "CVE-2010-1208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35", "reference_id": "mfsa2010-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1208" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5d8-xmt5-n3fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2143?format=api", "vulnerability_id": "VCID-b757-b3zk-c7d8", "summary": "OUSPG researcher Aki Helin reported a buffer\noverflow in Mozilla graphics code which consumes image data processed\nby libpng. A malformed PNG file could be created which would cause\nlibpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. This could result in the\nexecution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14816", "scoring_system": "epss", "scoring_elements": "0.94633", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14816", "scoring_system": "epss", "scoring_elements": "0.94642", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238", "reference_id": "608238", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205", "reference_id": "CVE-2010-1205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c", "reference_id": "CVE-2010-1205", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205", "reference_id": "CVE-2010-1205", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205" }, { "reference_url": "https://security.gentoo.org/glsa/201010-01", "reference_id": "GLSA-201010-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201010-01" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201412-08", "reference_id": "GLSA-201412-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-08" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41", "reference_id": "mfsa2010-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0534", "reference_id": "RHSA-2010:0534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" }, { "reference_url": "https://usn.ubuntu.com/960-1/", "reference_id": "USN-960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1205" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b757-b3zk-c7d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2356?format=api", "vulnerability_id": "VCID-bacb-nrmv-bkhf", "summary": "Security researcher Frédéric Hoguin reported two related\nissues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)\nformat files. When processing a negative \"height\" header value for the bitmap\nimage, a memory corruption can be induced, allowing an attacker to write random\nmemory and cause a crash. This crash may be potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03664", "scoring_system": "epss", "scoring_elements": "0.88097", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03664", "scoring_system": "epss", "scoring_elements": "0.88118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851918", "reference_id": "851918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966", "reference_id": "CVE-2012-3966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61", "reference_id": "mfsa2012-61", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3966" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bacb-nrmv-bkhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2603?format=api", "vulnerability_id": "VCID-bchr-4frg-pkcd", "summary": "Mozilla security researcher moz_bug_r_a4 reported\na vulnerability which allows scripts from page content to run with\nelevated privileges. Using this vulnerability, an attacker could\ncause a chrome privileged object, such as the browser sidebar or the\nFeedWriter, to interact with web content in such a way that attacker\ncontrolled code may be executed with the object's chrome\nprivileges.Thunderbird supports neither the sidebar nor\nBrowserFeedWriter objects and is not vulnerable in its default\nconfiguration. Thunderbird might be vulnerable if the user has installed\nany add-on which adds a similarly implemented feature and then enables\nJavaScript in mail messages. This is not the default setting and we\nstrongly discourage users from running JavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04241", "scoring_system": "epss", "scoring_elements": "0.8897", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04241", "scoring_system": "epss", "scoring_elements": "0.88987", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583", "reference_id": "503583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841", "reference_id": "CVE-2009-1841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32", "reference_id": "mfsa2009-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1841" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bchr-4frg-pkcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2412?format=api", "vulnerability_id": "VCID-beq8-87ps-zqfn", "summary": "Security researchers Jordi Chancel and Eddy\nBordi reported that they could short-circuit page loads to show the\naddress of a different site than what is loaded in the window in the addressbar.\nSecurity researcher Chris McGowen independently reported the\nsame flaw, and further demonstrated that this could lead to loading scripts from\nthe attacker's site, leaving users vulnerable to cross-site scripting (XSS)\nattacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00685", "scoring_system": "epss", "scoring_elements": "0.72069", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00685", "scoring_system": "epss", "scoring_elements": "0.7211", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815024", "reference_id": "815024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474", "reference_id": "CVE-2012-0474", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-27", "reference_id": "mfsa2012-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0474" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-beq8-87ps-zqfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2360?format=api", "vulnerability_id": "VCID-bs57-6fkx-67gd", "summary": "Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03834", "scoring_system": "epss", "scoring_elements": "0.88366", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03834", "scoring_system": "epss", "scoring_elements": "0.88384", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877633", "reference_id": "877633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210", "reference_id": "CVE-2012-4210", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-104", "reference_id": "mfsa2012-104", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4210" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bs57-6fkx-67gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2324?format=api", "vulnerability_id": "VCID-bsex-hp53-7kd7", "summary": "Mozilla developer Bobby Holley found that same-compartment\nsecurity wrappers (SCSW) can be bypassed by passing them to another compartment.\nCross-compartment wrappers often do not go through SCSW, but have a filtering\npolicy built into them. When an object is wrapped cross-compartment, the SCSW is\nstripped off and, when the object is read read back, it is not known that SCSW\nwas previously present, resulting in a bypassing of SCSW. This could result in\nuntrusted content having access to the XBL that implements browser\nfunctionality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.76479", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.76508", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1959" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212", "reference_id": "840212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959", "reference_id": "CVE-2012-1959", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49", "reference_id": "mfsa2012-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1959" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bsex-hp53-7kd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2374?format=api", "vulnerability_id": "VCID-bt99-t9ek-nqg1", "summary": "Security researcher Daniel Divricean reported that a defect\nin the error handling of javascript errors can leak the file names and location\nof javascript files on a server, leading to inadvertent information disclosure\nand a vector for further attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00891", "scoring_system": "epss", "scoring_elements": "0.75912", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00891", "scoring_system": "epss", "scoring_elements": "0.75938", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187", "reference_id": "815187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187", "reference_id": "CVE-2011-1187", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-32", "reference_id": "mfsa2012-32", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-32" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-1187" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt99-t9ek-nqg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2615?format=api", "vulnerability_id": "VCID-bthe-736u-bqct", "summary": "Mozilla add-on developer and community member Wladimir\nPalant reported broken functionality on pages that had a\nLink: HTTP header when an add-on was installed\nwhich implemented a Content Policy in JavaScript, such\nas AdBlock Plus or NoScript. Mozilla security\nresearcher moz_bug_r_a4 demonstrated that the broken\nfunctionality was due to the window's global object\nreceiving an incorrect security wrapper and that this issue could be\nused to execute arbitrary JavaScript with chrome privileges.This vulnerability does not affect Firefox\nprior to version 3.5", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80508", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80534", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665", "reference_id": "CVE-2009-2665", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-46", "reference_id": "mfsa2009-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2665" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bthe-736u-bqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2364?format=api", "vulnerability_id": "VCID-btpx-49ky-eqbk", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06784", "scoring_system": "epss", "scoring_elements": "0.91473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06784", "scoring_system": "epss", "scoring_elements": "0.91487", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1947" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947", "reference_id": "CVE-2012-1947", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1947" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btpx-49ky-eqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2855?format=api", "vulnerability_id": "VCID-bvjs-ev8j-2ka1", "summary": "Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response \nMozilla behavior differed from other browsers: Mozilla would use the second\nLocation header while Chrome and Internet Explorer would use\nthe first. Two copies of this header with different values could be a symptom\nof a CRLF injection attack against a vulnerable server. Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely to be\nthe malicious one. It is possible, however, that the first copy was the\ninjected one depending on the nature of the server vulnerability.\nThe Mozilla browser engine has been changed to treat two copies of this\nheader with different values as an error condition. The same has been done\nwith the headers Content-Length and Content-Disposition", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80101", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3000" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741905", "reference_id": "741905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000", "reference_id": "CVE-2011-3000", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-39", "reference_id": "mfsa2011-39", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3000" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvjs-ev8j-2ka1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2634?format=api", "vulnerability_id": "VCID-bwba-bq5v-y3cf", "summary": "Security research firm iDefense reported that\nresearcher regenrecht discovered a heap-based buffer\noverflow in Mozilla's GIF image parser. This vulnerability could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11615", "scoring_system": "epss", "scoring_elements": "0.93786", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11615", "scoring_system": "epss", "scoring_elements": "0.93795", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3373" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530156", "reference_id": "530156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373", "reference_id": "CVE-2009-3373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt", "reference_id": "CVE-2009-3373;OSVDB-59393", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt" }, { "reference_url": "https://www.securityfocus.com/bid/36855/info", "reference_id": "CVE-2009-3373;OSVDB-59393", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/36855/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56", "reference_id": "mfsa2009-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3373" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwba-bq5v-y3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2202?format=api", "vulnerability_id": "VCID-bxjx-hxgs-r7fh", "summary": "Security researcher O. Andersen reported that\nundefined positions within various 8 bit character encodings are\nmapped to the sequence U+FFFD which when displayed causes the\nimmediately following character to disappear from the text run. This\ncould potentially contribute to XSS problems on sites which expected\nextra characters to be present within strings being sanitized on the\nserver.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58572", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615474", "reference_id": "615474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210", "reference_id": "CVE-2010-1210", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44", "reference_id": "mfsa2010-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1210" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxjx-hxgs-r7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2612?format=api", "vulnerability_id": "VCID-by67-ztwk-8kh3", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\na form input control's type could be changed during the restoration of a\nclosed tab. An attacker could set an input control's text value to the\npath of a local file whose location was known to the attacker. If the tab\nwas then closed and the victim persuaded to re-open it, upon restoring the\ntab the attacker could use this vulnerability to change the input type to\nfile. Scripts in the page could then automatically submit\nthe form and steal the contents of the user's local file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02431", "scoring_system": "epss", "scoring_elements": "0.85428", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02431", "scoring_system": "epss", "scoring_elements": "0.85451", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0355" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483143", "reference_id": "483143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355", "reference_id": "CVE-2009-0355", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-03", "reference_id": "mfsa2009-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/717-2/", "reference_id": "USN-717-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0355" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-by67-ztwk-8kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2458?format=api", "vulnerability_id": "VCID-by8v-e1uc-kubb", "summary": "Security researcher Liu Die Yu of\nTopsecTianRongXin reported that locally saved .url shortcut files\ncould be used to read information stored in the local cache. An\nattacker could use this vulnerability to steal information from a\nvictim's browser cache if they were able to get the victim to download\ntwo separate files, a .url shortcut and a HTML file. Given the\nrelative complexity of this attack, the severity of the issue was\ndetermined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.3558", "scoring_system": "epss", "scoring_elements": "0.97156", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.3558", "scoring_system": "epss", "scoring_elements": "0.97159", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4582" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470903", "reference_id": "470903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582", "reference_id": "CVE-2008-4582", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html", "reference_id": "CVE-2008-4582;OSVDB-49073", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html" }, { "reference_url": "https://www.securityfocus.com/bid/31611/info", "reference_id": "CVE-2008-4582;OSVDB-49073", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/31611/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-47", "reference_id": "mfsa2008-47", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-47" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4582" ], "risk_score": 0.6, "exploitability": "2.0", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-by8v-e1uc-kubb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2280?format=api", "vulnerability_id": "VCID-c145-1rm9-m3ez", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05225", "scoring_system": "epss", "scoring_elements": "0.9012", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05225", "scoring_system": "epss", "scoring_elements": "0.90137", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185", "reference_id": "CVE-2012-4185", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4185" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c145-1rm9-m3ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2821?format=api", "vulnerability_id": "VCID-c1u5-hb1s-8feq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06676", "scoring_system": "epss", "scoring_elements": "0.91394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06676", "scoring_system": "epss", "scoring_elements": "0.91407", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985", "reference_id": "CVE-2011-2985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2985" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1u5-hb1s-8feq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2190?format=api", "vulnerability_id": "VCID-c2jb-u1sf-xkgr", "summary": "Security researcher Richard Moore reported that\nwhen an SSL certificate was created with a common name containing a\nwildcard followed by a partial IP address a valid SSL connection could be\nestablished with a server whose IP address matched the wildcard range\nby browsing directly to the IP address. It is extremely unlikely that\nsuch a certificate would be issued by a Certificate Authority.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.78913", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.78939", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630047", "reference_id": "630047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170", "reference_id": "CVE-2010-3170", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-70", "reference_id": "mfsa2010-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0862", "reference_id": "RHSA-2010:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0862" }, { "reference_url": "https://usn.ubuntu.com/1007-1/", "reference_id": "USN-1007-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1007-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3170" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2jb-u1sf-xkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2344?format=api", "vulnerability_id": "VCID-c2vq-w67k-rkhc", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.851", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3963" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963", "reference_id": "CVE-2012-3963", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3963" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2vq-w67k-rkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2238?format=api", "vulnerability_id": "VCID-c3hz-p1eg-cyev", "summary": "Security researcher Mark Poticha reported an issue where\nincorrect SSL certificate information can be displayed on the addressbar,\nshowing the SSL data for a previous site while another has been loaded. This is\ncaused by two onLocationChange events being fired out of the expected order,\nleading to the displayed certificate data to not be updated. This can be used\nfor phishing attacks by allowing the user to input form or other data on a\nnewer, attacking, site while the credentials of an older site appear on the\naddressbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.73982", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.74015", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851931", "reference_id": "851931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976", "reference_id": "CVE-2012-3976", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69", "reference_id": "mfsa2012-69", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3976" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hz-p1eg-cyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/156367?format=api", "vulnerability_id": "VCID-c7ny-wuua-1bev", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65606", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65659", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4508" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-4508" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7ny-wuua-1bev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2284?format=api", "vulnerability_id": "VCID-ca7w-txcu-rkhy", "summary": "Mateusz Jurczyk of the Google Security Team discovered an\noff-by-one error in the OpenType Sanitizer using the Address Sanitizer tool.\nThis can lead to an out-of-bounds read and execution of an uninitialized\nfunction pointer during parsing and possible remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02392", "scoring_system": "epss", "scoring_elements": "0.85315", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02392", "scoring_system": "epss", "scoring_elements": "0.85338", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815042", "reference_id": "815042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062", "reference_id": "CVE-2011-3062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062" }, { "reference_url": "https://security.gentoo.org/glsa/201203-24", "reference_id": "GLSA-201203-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-24" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-31", "reference_id": "mfsa2012-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3062" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca7w-txcu-rkhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=api", "vulnerability_id": "VCID-cbf6-phh6-3kd3", "summary": "Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was possible to bypass the fix\nfor \nMFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.67201", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.67242", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576696", "reference_id": "576696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171", "reference_id": "CVE-2010-0171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12", "reference_id": "mfsa2010-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0171" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbf6-phh6-3kd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2232?format=api", "vulnerability_id": "VCID-ccxj-6r97-9uac", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the implementation of\nthe window.navigator.plugins object. When a page\nreloads, the plugins array would reallocate all of its members without\nchecking for existing references to each member. This could result in\nthe deletion of objects for which valid pointers still exist. An\nattacker could use this vulnerability to crash a victim's browser and\nrun arbitrary code on the victim's machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91418", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152", "reference_id": "578152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177", "reference_id": "CVE-2010-0177", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19", "reference_id": "mfsa2010-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0177" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccxj-6r97-9uac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2628?format=api", "vulnerability_id": "VCID-cdn3-4erv-3kbs", "summary": "Security researcher Marco C. reported a flaw in\nthe parsing of regular expressions used in Proxy Auto-configuration\n(PAC) files. In certain cases this flaw could be used by an attacker\nto crash a victim's browser and run arbitrary code on their computer.\nSince this vulnerability requires the victim to have PAC configured in\ntheir environment with specific regular expressions which can trigger\nthe crash, the severity of the issue was determined to be\nmoderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02124", "scoring_system": "epss", "scoring_elements": "0.84469", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02124", "scoring_system": "epss", "scoring_elements": "0.84494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530155", "reference_id": "530155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372", "reference_id": "CVE-2009-3372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55", "reference_id": "mfsa2009-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3372" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdn3-4erv-3kbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2625?format=api", "vulnerability_id": "VCID-cdy6-72f7-s7g5", "summary": "Developer and Mozilla community member Wladimir Palant\nreported that cookies marked HTTPOnly were readable by JavaScript via\nthe XMLHttpRequest.getResponseHeader and \nXMLHttpRequest.getAllResponseHeaders APIs. This vulnerability\nbypasses the security mechanism provided by the HTTPOnly flag which\nintends to restrict JavaScript access to document.cookie.The fix prevents the XMLHttpRequest feature from accessing the\nSet-Cookie and Set-Cookie2 headers of any response\nwhether or not the HTTPOnly flag was set for those cookies.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78215", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483145", "reference_id": "483145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357", "reference_id": "CVE-2009-0357", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-05", "reference_id": "mfsa2009-05", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/717-2/", "reference_id": "USN-717-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-2/" }, { "reference_url": "https://usn.ubuntu.com/717-3/", "reference_id": "USN-717-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0357" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdy6-72f7-s7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2486?format=api", "vulnerability_id": "VCID-cfbf-4wvs-dugs", "summary": "Justin Schuh of the IBM X-Force reported a flaw in\nthe way Mozilla parses the http-index-format MIME type. By sending a\nspecially crafted 200 header line in the HTTP index response, an\nattacker can cause the browser to crash and run arbitrary code on the\nvictim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14498", "scoring_system": "epss", "scoring_elements": "0.94575", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14498", "scoring_system": "epss", "scoring_elements": "0.94583", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470892", "reference_id": "470892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470892" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017", "reference_id": "CVE-2008-0017", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-54", "reference_id": "mfsa2008-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-0017" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfbf-4wvs-dugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2400?format=api", "vulnerability_id": "VCID-cjgv-em1a-p7ge", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81224", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81251", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462", "reference_id": "CVE-2012-0462", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0462" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjgv-em1a-p7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2854?format=api", "vulnerability_id": "VCID-cm6d-fmdp-dkcc", "summary": "Claus Wahlers reported that random images from GPU memory\nwere showing up in WebGL textures. Once incorporated into the WebGL graphics it\nis possible for a site to programmatically read the image data and potentially\ngain sensitive data from other things that had been displayed earlier. This\nproblem is due to a bug in the driver for Intel integrated GPUs on recent\nMac OS X hardware, and the problem can be seen in WebGL implementations from\nother vendors. Mozilla has implemented a work-around to prevent this from\nhappening with this hardware-driver combination.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46406", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46472", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653", "reference_id": "CVE-2011-3653", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-51", "reference_id": "mfsa2011-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3653" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm6d-fmdp-dkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2479?format=api", "vulnerability_id": "VCID-cpff-qnzg-wuhu", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in nsXMLDocument::OnChannelRedirect()\ncould be bypassed. This vulnerability could be used to execute JavaScript\nin the context of a different website.Firefox 3 is not affected by this issueThunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30726", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30798", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463182", "reference_id": "463182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463182" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835", "reference_id": "CVE-2008-3835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38", "reference_id": "mfsa2008-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-3835" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpff-qnzg-wuhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2849?format=api", "vulnerability_id": "VCID-cqbd-xw64-jqak", "summary": "Daniel Kozlowski reported that a\nJavaScript Worker could be used to keep a reference to an\nobject that could be freed during garbage collection. Subsequent\ncalls through this deleted reference could cause attacker-controlled\nmemory to be executed on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88556", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88574", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675093", "reference_id": "675093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057", "reference_id": "CVE-2011-0057", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06", "reference_id": "mfsa2011-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0057" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqbd-xw64-jqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2810?format=api", "vulnerability_id": "VCID-cy77-z9ha-vfeg", "summary": "David Remahl of Apple Product Security reported\nthat the Java Embedding Plugin (JEP) shipped with the Mac OS X versions\nof Firefox could be exploited to obtain elevated access to resources on\na user's system.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60429", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60477", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076", "reference_id": "CVE-2011-0076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15", "reference_id": "mfsa2011-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0076" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy77-z9ha-vfeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2309?format=api", "vulnerability_id": "VCID-cyde-wgmd-f3d9", "summary": "Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02253", "scoring_system": "epss", "scoring_elements": "0.849", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02253", "scoring_system": "epss", "scoring_elements": "0.84924", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4204" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877624", "reference_id": "877624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204", "reference_id": "CVE-2012-4204", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96", "reference_id": "mfsa2012-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4204" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyde-wgmd-f3d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2294?format=api", "vulnerability_id": "VCID-d18w-azwz-nuhn", "summary": "Vitaly Nevgen reported that an attacker could replace a\nsub-frame in another domain's document by using the name attribute of the\nsub-frame as a form submission target. This can potentially allow for phishing\nattacks against users and violates the HTML5 frame navigation policy.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67805", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67845", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445", "reference_id": "CVE-2012-0445", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03", "reference_id": "mfsa2012-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0445" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d18w-azwz-nuhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2683?format=api", "vulnerability_id": "VCID-d1d9-6j5m-jqbj", "summary": "Jakob Balle and Carsten Eiram of\nSecunia Research reported a race condition\nin NPObjWrapper_NewResolve when accessing the properties\nof a NPObject, a wrapped JSObject. Balle\nand Eiram demonstrated that this condition could be reached by\nnavigating away from a web page during the loading of a Java applet.\nUnder such conditions the Java object would be destroyed but later\ncalled into resulting in a free memory read. It might be possible\nfor an attacker to write to the freed memory before it is reused and run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2 nor other\nproducts built using the \"Gecko 1.8\" version of Mozilla code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02184", "scoring_system": "epss", "scoring_elements": "0.84674", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02184", "scoring_system": "epss", "scoring_elements": "0.84698", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503579", "reference_id": "503579", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837", "reference_id": "CVE-2009-1837", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28", "reference_id": "mfsa2009-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1837" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1d9-6j5m-jqbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2442?format=api", "vulnerability_id": "VCID-d5j6-1sja-ruaj", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02887", "scoring_system": "epss", "scoring_elements": "0.86576", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02887", "scoring_system": "epss", "scoring_elements": "0.86599", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4063" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463203", "reference_id": "463203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063", "reference_id": "CVE-2008-4063", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4063" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5j6-1sja-ruaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2136?format=api", "vulnerability_id": "VCID-d95t-gxrb-ruac", "summary": "Security researcher Paul Stone reported that when\nan HTML selection containing JavaScript is copy-and-pasted or dropped\nonto a document with designMode enabled the JavaScript will be\nexecuted within the context of the site where the code was dropped. A\nmalicious site could leverage this issue in an XSS attack by\npersuading a user into taking such an action and in the process\nrunning malicious JavaScript within the context of another site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01267", "scoring_system": "epss", "scoring_elements": "0.79804", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01267", "scoring_system": "epss", "scoring_elements": "0.79829", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630075", "reference_id": "630075", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769", "reference_id": "CVE-2010-2769", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62", "reference_id": "mfsa2010-62", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2769" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d95t-gxrb-ruac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2666?format=api", "vulnerability_id": "VCID-d9sj-vmr1-67fj", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0585", "scoring_system": "epss", "scoring_elements": "0.90717", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0585", "scoring_system": "epss", "scoring_elements": "0.9073", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381", "reference_id": "CVE-2009-3381", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3381" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9sj-vmr1-67fj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95440?format=api", "vulnerability_id": "VCID-dakd-jq6d-f7av", "summary": "Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56999", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614", "reference_id": "647614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=748379", "reference_id": "748379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=748379" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3640" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dakd-jq6d-f7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2672?format=api", "vulnerability_id": "VCID-dbrb-ahba-t7bz", "summary": "Security researcher Nils reported via\nTippingPoint's Zero Day Initiative that the XUL tree\nmethod _moveToEdgeShift was in some cases triggering\ngarbage collection routines on objects which were still in use. In\nsuch cases, the browser would crash when attempting to access a\npreviously destroyed object and this crash could be used by an\nattacker to run arbitrary code on a victim's computer.This vulnerability was used by the reporter to win the\n2009 CanSecWest Pwn2Own contest.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07842", "scoring_system": "epss", "scoring_elements": "0.92137", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07842", "scoring_system": "epss", "scoring_elements": "0.92149", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1044" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=492212", "reference_id": "492212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044", "reference_id": "CVE-2009-1044", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-13", "reference_id": "mfsa2009-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0397", "reference_id": "RHSA-2009:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0398", "reference_id": "RHSA-2009:0398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0398" }, { "reference_url": "https://usn.ubuntu.com/745-1/", "reference_id": "USN-745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1044" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbrb-ahba-t7bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2606?format=api", "vulnerability_id": "VCID-dcga-xsfg-xqda", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the BrowserFeedWriter could be leveraged to run\nJavaScript code from web content with elevated privileges. Using this\nvulnerability, an attacker could construct an object containing\nmalicious JavaScript and cause the FeedWriter to process the object,\nrunning the malicious code with chrome privileges.Thunderbird does not support\nthe BrowserFeedWriter object and is not vulnerable in its\ndefault configuration. Thunderbird might be vulnerable if the user has\ninstalled any add-on which adds a similarly implemented feature and\nthen enables JavaScript in mail messages. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0151", "scoring_system": "epss", "scoring_elements": "0.81522", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0151", "scoring_system": "epss", "scoring_elements": "0.81551", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695", "reference_id": "521695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079", "reference_id": "CVE-2009-3079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51", "reference_id": "mfsa2009-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3079" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dcga-xsfg-xqda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2351?format=api", "vulnerability_id": "VCID-dm2x-x684-rqas", "summary": "Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07333", "scoring_system": "epss", "scoring_elements": "0.91836", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07333", "scoring_system": "epss", "scoring_elements": "0.91849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0457" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116", "reference_id": "803116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457", "reference_id": "CVE-2012-0457", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14", "reference_id": "mfsa2012-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0457" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dm2x-x684-rqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2879?format=api", "vulnerability_id": "VCID-dmwt-m574-53ar", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87691", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87712", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363", "reference_id": "CVE-2011-2363", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2363" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmwt-m574-53ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2679?format=api", "vulnerability_id": "VCID-dtyq-b84g-fkaw", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04708", "scoring_system": "epss", "scoring_elements": "0.89556", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04708", "scoring_system": "epss", "scoring_elements": "0.89573", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1305" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256", "reference_id": "496256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305", "reference_id": "CVE-2009-1305", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1305" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dtyq-b84g-fkaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2318?format=api", "vulnerability_id": "VCID-dum5-zxjw-8yav", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0153", "scoring_system": "epss", "scoring_elements": "0.81639", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0153", "scoring_system": "epss", "scoring_elements": "0.8167", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877942", "reference_id": "877942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212", "reference_id": "CVE-2012-4212", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4212" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dum5-zxjw-8yav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2306?format=api", "vulnerability_id": "VCID-dvas-f3cr-1ud4", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75987", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835", "reference_id": "CVE-2012-5835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5835" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvas-f3cr-1ud4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2613?format=api", "vulnerability_id": "VCID-e15r-7w4r-syfy", "summary": "Mozilla discovered several bugs in liboggplay which posed potential\nmemory safety issues. The bugs which were fixed could potentially be\nused by an attacker to crash a victim's browser and execute arbitrary\ncode on their computer.Audio and Video capabilities were added to the Mozilla browser\nengine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of\nthese products were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02632", "scoring_system": "epss", "scoring_elements": "0.85977", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02632", "scoring_system": "epss", "scoring_elements": "0.85999", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=548539", "reference_id": "548539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743", "reference_id": "575743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388", "reference_id": "CVE-2009-3388", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-66", "reference_id": "mfsa2009-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-66" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3388" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e15r-7w4r-syfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2885?format=api", "vulnerability_id": "VCID-e1bs-u53p-5bgg", "summary": "sczimmer reported a crash when scaling an OGG\n<video> element to extreme sizes.\nFirefox 3.6 is not affected by this vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03707", "scoring_system": "epss", "scoring_elements": "0.88169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03707", "scoring_system": "epss", "scoring_elements": "0.8819", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3665" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665", "reference_id": "CVE-2011-3665", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58", "reference_id": "mfsa2011-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3665" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1bs-u53p-5bgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2314?format=api", "vulnerability_id": "VCID-e5be-z4bt-uydm", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.85145", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.85169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4215" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215", "reference_id": "CVE-2012-4215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4215" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5be-z4bt-uydm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2686?format=api", "vulnerability_id": "VCID-eb9z-2ahu-bff8", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat it is possible to create a document whose URI does not match the\ndocument's principal using XMLHttpRequest. This type of\nmismatch leads to incorrect results in principal-based security\nchecks. An attacker could use this vulnerability to execute arbitrary\nJavaScript within the context of another site.moz_bug_r_a4 separately reported\nthat XPCNativeWrapper.toString's\n__proto__ comes from the wrong scope which results in\ncalls to that function being executed in the wrong context in certain\ncircumstances. An attacker could use this vulnerability to run\narbitrary code within the context of a different site. Alternatively,\nif chrome were to call content.toString.call(), then\nattacker-defined functions could be run with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01757", "scoring_system": "epss", "scoring_elements": "0.82937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01757", "scoring_system": "epss", "scoring_elements": "0.82964", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1309" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267", "reference_id": "496267", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309", "reference_id": "CVE-2009-1309", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-19", "reference_id": "mfsa2009-19", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1309" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb9z-2ahu-bff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2304?format=api", "vulnerability_id": "VCID-ed83-3zy8-yffx", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75414", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75443", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830", "reference_id": "CVE-2012-5830", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5830" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed83-3zy8-yffx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2829?format=api", "vulnerability_id": "VCID-egs8-xcpx-eyhm", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59715", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59765", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2986" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986", "reference_id": "CVE-2011-2986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2986" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egs8-xcpx-eyhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2307?format=api", "vulnerability_id": "VCID-ekzu-rjes-4uam", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77602", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.7763", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877945", "reference_id": "877945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838", "reference_id": "CVE-2012-5838", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5838" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekzu-rjes-4uam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2640?format=api", "vulnerability_id": "VCID-eprr-1559-u3dn", "summary": "Mozilla add-on developer Pavel Cvrcek reported\nthat certain invalid unicode characters, when used as part of an IDN,\nare displayed as whitespace in the location bar. This whitespace\ncould be used to force part of the URL out of view in the location\nbar. An attacker could use this vulnerability to spoof the location\nbar and display a misleading URL for their malicious web page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11374", "scoring_system": "epss", "scoring_elements": "0.9369", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11374", "scoring_system": "epss", "scoring_elements": "0.937", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1834" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573", "reference_id": "503573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834", "reference_id": "CVE-2009-1834", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt", "reference_id": "CVE-2009-1834;OSVDB-55162", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35388/info", "reference_id": "CVE-2009-1834;OSVDB-55162", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35388/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25", "reference_id": "mfsa2009-25", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1834" ], "risk_score": 5.4, "exploitability": "2.0", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eprr-1559-u3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2229?format=api", "vulnerability_id": "VCID-euga-mg6n-rkac", "summary": "A memory corruption flaw leading to code execution was reported by\nsecurity researcher Nils of MWR InfoSecurity during the\n2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative.\nBy moving DOM nodes between documents Nils found a case where the moved\nnode incorrectly retained its old scope. If garbage collection could\nbe triggered at the right time then Firefox would later use this freed\nobject.The contest winning exploit only affects Firefox 3.6\nand not earlier versions.Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and\nThunderbird 3.0 based on earlier versions of the browser\nengine were patched just in case there\nis an alternate way of triggering the underlying flaw.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0465", "scoring_system": "epss", "scoring_elements": "0.89483", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0465", "scoring_system": "epss", "scoring_elements": "0.89502", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1121" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029", "reference_id": "577029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121", "reference_id": "CVE-2010-1121", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-25", "reference_id": "mfsa2010-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1121" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-euga-mg6n-rkac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2256?format=api", "vulnerability_id": "VCID-ewd1-u7ku-8bau", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.86212", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.86233", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183", "reference_id": "CVE-2012-4183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4183" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewd1-u7ku-8bau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2440?format=api", "vulnerability_id": "VCID-ezcw-8rm3-yfe4", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03898", "scoring_system": "epss", "scoring_elements": "0.88485", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03898", "scoring_system": "epss", "scoring_elements": "0.88503", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463199", "reference_id": "463199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061", "reference_id": "CVE-2008-4061", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4061" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezcw-8rm3-yfe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2137?format=api", "vulnerability_id": "VCID-f1na-6x4z-e3aa", "summary": "Security researchers David Huang\nand Collin Jackson of Carnegie Mellon University\nCyLab (Silicon Valley campus) reported that the type\nattribute of an <object> tag can override the charset of a\nframed HTML document, even when the document is included across\norigins. A page could be constructed containing such an\n<object> tag which sets the charset of the framed document to\nUTF-7. This could potentially allow an attacker to inject UTF-7\nencoded JavaScript into a site, bypassing the site's XSS filters, and\nthen executing the code using the above technique.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73884", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.7392", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630074", "reference_id": "630074", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768", "reference_id": "CVE-2010-2768", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61", "reference_id": "mfsa2010-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2768" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1na-6x4z-e3aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2618?format=api", "vulnerability_id": "VCID-f3dr-bet4-qfhn", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.8716", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87182", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687", "reference_id": "521687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071", "reference_id": "CVE-2009-3071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3071" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f3dr-bet4-qfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2387?format=api", "vulnerability_id": "VCID-f5ve-9rj6-2qhd", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a use-after-free in the IME State Manager code. This could lead to a\npotentially exploitable crash. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90906", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628", "reference_id": "863628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990", "reference_id": "CVE-2012-3990", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-87", "reference_id": "mfsa2012-87", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-87" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3990" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5ve-9rj6-2qhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2598?format=api", "vulnerability_id": "VCID-f6ej-8y41-f3a9", "summary": "Security researcher Jeremy Brown reported that the\nfile naming scheme used for downloading a file which already exists in\nthe downloads folder is predictable. If an attacker had local access\nto a victim's computer and knew the name of a file the victim intended\nto open through the Download Manager, he could use this vulnerability\nto place a malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it. Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33735", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33841", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815", "reference_id": "524815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274", "reference_id": "CVE-2009-3274", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53", "reference_id": "mfsa2009-53", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3274" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6ej-8y41-f3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2644?format=api", "vulnerability_id": "VCID-feey-1wqm-ekhz", "summary": "Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way. This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page. An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84212", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546722", "reference_id": "546722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984", "reference_id": "CVE-2009-3984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69", "reference_id": "mfsa2009-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3984" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-feey-1wqm-ekhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2662?format=api", "vulnerability_id": "VCID-fg62-2jrb-93bf", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0746", "scoring_system": "epss", "scoring_elements": "0.91905", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0746", "scoring_system": "epss", "scoring_elements": "0.91917", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488283", "reference_id": "488283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774", "reference_id": "CVE-2009-0774", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0774" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fg62-2jrb-93bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2204?format=api", "vulnerability_id": "VCID-fhxf-xr7y-23cn", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that the implementation of XUL\n<tree>'s content view contains a dangling pointer vulnerability.\nOne of the content view's methods for accessing the internal structure\nof the tree could be manipulated into removing a node prior to\naccessing it, resulting in the accessing of deleted memory. If an\nattacker can control the contents of the deleted memory prior to its\naccess they could use this vulnerability to run arbitrary code on a\nvictim's machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90291", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90307", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630067", "reference_id": "630067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167", "reference_id": "CVE-2010-3167", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-56", "reference_id": "mfsa2010-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3167" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhxf-xr7y-23cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2817?format=api", "vulnerability_id": "VCID-fkhf-5gf8-r7f2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07005", "scoring_system": "epss", "scoring_elements": "0.9162", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07005", "scoring_system": "epss", "scoring_elements": "0.91632", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991", "reference_id": "CVE-2011-2991", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2991" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fkhf-5gf8-r7f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/251265?format=api", "vulnerability_id": "VCID-fpka-t8jw-r3bk", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0068" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpka-t8jw-r3bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2248?format=api", "vulnerability_id": "VCID-fr32-1m9n-c7ed", "summary": "Security researcher vsemozhetbyt reported that when the\nDOMParser is used to parse text/html data in a Firefox extension, linked\nresources within this HTML data will be loaded. If the data being parsed in the\nextension is untrusted, it could lead to information leakage and can\npotentially be combined with other attacks to become exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76379", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76406", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851929", "reference_id": "851929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975", "reference_id": "CVE-2012-3975", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68", "reference_id": "mfsa2012-68", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3975" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fr32-1m9n-c7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2165?format=api", "vulnerability_id": "VCID-fy48-6aec-s7g2", "summary": "Security researcher Alin Rad Pop of Secunia\nResearch reported that the HTML parser incorrectly freed used memory\nwhen insufficient space was available to process remaining input.\nUnder such circumstances, memory occupied by in-use objects was freed\nand could later be filled with attacker-controlled text. These\nconditions could result in the execution or arbitrary code if methods\non the freed objects were subsequently called.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91683", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91695", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1571" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050", "reference_id": "566050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571", "reference_id": "CVE-2009-1571", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03", "reference_id": "mfsa2010-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1571" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fy48-6aec-s7g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2389?format=api", "vulnerability_id": "VCID-fz87-6128-d3f9", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01275", "scoring_system": "epss", "scoring_elements": "0.79887", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01275", "scoring_system": "epss", "scoring_elements": "0.79912", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614", "reference_id": "863614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982", "reference_id": "CVE-2012-3982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-74", "reference_id": "mfsa2012-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3982" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz87-6128-d3f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2379?format=api", "vulnerability_id": "VCID-g2f7-uxpe-5baw", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05074", "scoring_system": "epss", "scoring_elements": "0.89963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05074", "scoring_system": "epss", "scoring_elements": "0.89978", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3969" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922", "reference_id": "851922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969", "reference_id": "CVE-2012-3969", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3969" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2f7-uxpe-5baw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2187?format=api", "vulnerability_id": "VCID-g3ws-tzqe-mkgg", "summary": "Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random(). Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user. This additional variant is\nidentified as CVE-2010-3171.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08698", "scoring_system": "epss", "scoring_elements": "0.92629", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08698", "scoring_system": "epss", "scoring_elements": "0.92642", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171", "reference_id": "CVE-2010-3171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c", "reference_id": "CVE-2010-3171;OSVDB-53341", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c" }, { "reference_url": "https://www.securityfocus.com/bid/43222/info", "reference_id": "CVE-2010-3171;OSVDB-53341", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/43222/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33", "reference_id": "mfsa2010-33", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3171" ], "risk_score": 5.4, "exploitability": "2.0", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3ws-tzqe-mkgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2234?format=api", "vulnerability_id": "VCID-g4c9-yy3u-aqaw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0276", "scoring_system": "epss", "scoring_elements": "0.86289", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0276", "scoring_system": "epss", "scoring_elements": "0.86311", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443", "reference_id": "CVE-2012-0443", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01", "reference_id": "mfsa2012-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0443" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4c9-yy3u-aqaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2181?format=api", "vulnerability_id": "VCID-g4sm-cpy2-pkga", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26203", "scoring_system": "epss", "scoring_elements": "0.96396", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.26203", "scoring_system": "epss", "scoring_elements": "0.96401", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166", "reference_id": "CVE-2010-0166", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html", "reference_id": "CVE-2010-0166;OSVDB-63266", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html" }, { "reference_url": "https://www.securityfocus.com/bid/38943/info", "reference_id": "CVE-2010-0166;OSVDB-63266", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38943/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0166" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4sm-cpy2-pkga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2288?format=api", "vulnerability_id": "VCID-g5eb-pmmj-p7dr", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00962", "scoring_system": "epss", "scoring_elements": "0.76844", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00962", "scoring_system": "epss", "scoring_elements": "0.76876", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195", "reference_id": "CVE-2012-4195", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", "reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4195" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5eb-pmmj-p7dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2399?format=api", "vulnerability_id": "VCID-g6h1-d75p-jfag", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01161", "scoring_system": "epss", "scoring_elements": "0.78937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01161", "scoring_system": "epss", "scoring_elements": "0.78964", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461", "reference_id": "CVE-2012-0461", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0461" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6h1-d75p-jfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2257?format=api", "vulnerability_id": "VCID-g6u7-5kzb-yqha", "summary": "Security researcher Masato Kinugawa found that during the\ndecoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024\nbytes are treated incorrectly, either doubling or deleting bytes. On certain\npages it might be possible for an attacker to pad the output of the page such\nthat these errors fall in the right place to affect the structure of the page,\nallowing for cross-site script (XSS) injection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72885", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815026", "reference_id": "815026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477", "reference_id": "CVE-2012-0477", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-29", "reference_id": "mfsa2012-29", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0477" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6u7-5kzb-yqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2221?format=api", "vulnerability_id": "VCID-g7aa-s8j6-b3ef", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that XUL <tree> objects could\nbe manipulated such that the setting of certain properties on the\nobject would trigger the removal of the tree from the DOM and cause\ncertain sections of deleted memory to be accessed. In products based on\nGecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer\nthis memory has been overwritten by a value that will cause an\nunexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5,\nThunderbird 3.0, and SeaMonkey 2.0) and older an attacker could\npotentially use this vulnerability to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90291", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90307", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3168" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630064", "reference_id": "630064", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168", "reference_id": "CVE-2010-3168", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55", "reference_id": "mfsa2010-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3168" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7aa-s8j6-b3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2144?format=api", "vulnerability_id": "VCID-g9gb-vpak-jkdj", "summary": "Google security researcher Robert Swiecki reported\nthat functions used by the Gopher parser to convert text to HTML tags\ncould be exploited to turn text into executable JavaScript. If an\nattacker could create a file or directory on a Gopher server with the\nencoded script as part of its name the script would then run in a\nvictim's browser within the context of the site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72885", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642290", "reference_id": "642290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177", "reference_id": "CVE-2010-3177", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-68", "reference_id": "mfsa2010-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3177" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g9gb-vpak-jkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2890?format=api", "vulnerability_id": "VCID-g9ht-dkv6-gyac", "summary": "Mozilla security researcher David Chan reported\nthat cookies set for example.com. (note the trailing dot)\nand example.com were treated as interchangeable. This is\na violation of same-origin conventions and could potentially lead to\nleakage of cookie data to the wrong party.This issue did not affect Firefox 4, SeaMonkey 2.1, or newer\nMozilla-based products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01226", "scoring_system": "epss", "scoring_elements": "0.79467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01226", "scoring_system": "epss", "scoring_elements": "0.79495", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714583", "reference_id": "714583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362", "reference_id": "CVE-2011-2362", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-24", "reference_id": "mfsa2011-24", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2362" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g9ht-dkv6-gyac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2492?format=api", "vulnerability_id": "VCID-ga96-mhg4-z7h9", "summary": "Security researcher Luke Bryan reported that file:\nURIs are given chrome privileges when opened in the same tab as a\nchrome page or privileged about: page. This vulnerability could be\nused by an attacker to run arbitrary JavaScript with chrome\nprivileges. The severity of this issue was determined to be moderate\nas it requires an attacker to have malicious code saved locally, then\nhave a user open a chrome: document or privileged about: URI, and then\nopen the malicious file in the same privileged tab.Firefox 2 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05714", "scoring_system": "epss", "scoring_elements": "0.90584", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05714", "scoring_system": "epss", "scoring_elements": "0.90598", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5015" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470876", "reference_id": "470876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015", "reference_id": "CVE-2008-5015", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-51", "reference_id": "mfsa2008-51", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5015" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ga96-mhg4-z7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2291?format=api", "vulnerability_id": "VCID-gadh-19ks-vuem", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent\nis released and oldFocusedContent is used afterwards. This use-after-free could\npossibly allow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03872", "scoring_system": "epss", "scoring_elements": "0.88444", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03872", "scoring_system": "epss", "scoring_elements": "0.88461", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1958" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211", "reference_id": "840211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958", "reference_id": "CVE-2012-1958", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48", "reference_id": "mfsa2012-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1958" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gadh-19ks-vuem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2289?format=api", "vulnerability_id": "VCID-garp-92yw-2yeb", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00964", "scoring_system": "epss", "scoring_elements": "0.76895", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00964", "scoring_system": "epss", "scoring_elements": "0.76928", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196", "reference_id": "CVE-2012-4196", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", "reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4196" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-garp-92yw-2yeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2421?format=api", "vulnerability_id": "VCID-ge7h-93tj-zycj", "summary": "Mozilla developer Boris Zbarsky reported that XBL\n bindings could be used to read data from other domains, a violation\n of the same-origin policy. The severity of this issue was determined\n to be moderate due to several mitigating factors:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79532", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79558", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5503" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476272", "reference_id": "476272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503", "reference_id": "CVE-2008-5503", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-61", "reference_id": "mfsa2008-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5503" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ge7h-93tj-zycj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2491?format=api", "vulnerability_id": "VCID-gf5k-p1zj-kkam", "summary": "Marius Schilder of Google Security reported that\nwhen a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR. Cookies marked HttpOnly were not readable, but\nother potentially sensitive data could be revealed in the XHR response\nincluding URL parameters and content in the response body.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.6724", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67281", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5506" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476278", "reference_id": "476278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506", "reference_id": "CVE-2008-5506", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64", "reference_id": "mfsa2008-64", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5506" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf5k-p1zj-kkam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2420?format=api", "vulnerability_id": "VCID-gg44-fj5q-gudh", "summary": "Security researcher Collin Jackson reported that\nthe -moz-binding CSS property can be used to bypass security checks\nwhich validate codebase principals. Similar to the issue reported\nin MFSA 2008-23, Jackson demonstrated\nthat an attacker can replace a stylesheet in a signed JAR which uses\nrelative paths, and can then use the -moz-binding property to inject\nmalicious script into the JAR. The injected script will be executed\nwith the privileges of the signed JAR. This vulnerability can thus\nallow an attacker to run arbitrary JavaScript within the context of\nanother site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1839", "scoring_system": "epss", "scoring_elements": "0.95353", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1839", "scoring_system": "epss", "scoring_elements": "0.95361", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470898", "reference_id": "470898", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023", "reference_id": "CVE-2008-5023", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-57", "reference_id": "mfsa2008-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5023" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gg44-fj5q-gudh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2375?format=api", "vulnerability_id": "VCID-ggku-uzpq-wffw", "summary": "Security researcher Mario Gomes andresearch firm\nCode Audit Labs reported a mechanism to short-circuit page\nloads through drag and drop to the addressbar by canceling the page load. This\ncauses the address of the previously site entered to be displayed in the\naddressbar instead of the currently loaded page. This could lead to potential\nphishing attacks on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02775", "scoring_system": "epss", "scoring_elements": "0.86322", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02775", "scoring_system": "epss", "scoring_elements": "0.86344", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840203", "reference_id": "840203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950", "reference_id": "CVE-2012-1950", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-43", "reference_id": "mfsa2012-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1950" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggku-uzpq-wffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2667?format=api", "vulnerability_id": "VCID-gj5k-vhfn-y7b9", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15845", "scoring_system": "epss", "scoring_elements": "0.94866", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15845", "scoring_system": "epss", "scoring_elements": "0.94874", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530569", "reference_id": "530569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382", "reference_id": "CVE-2009-3382", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html", "reference_id": "CVE-2009-3382;OSVDB-59384", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html" }, { "reference_url": "https://www.securityfocus.com/bid/36866/info", "reference_id": "CVE-2009-3382;OSVDB-59384", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/36866/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3382" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj5k-vhfn-y7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2605?format=api", "vulnerability_id": "VCID-gkgb-xbu6-93fx", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the owner document of an element can become null after garbage\ncollection. In such cases, event listeners may be executed within the\nwrong JavaScript context. An attacker could potentially use this\nvulnerability to have a malicious event handler execute arbitrary\nJavaScript with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04629", "scoring_system": "epss", "scoring_elements": "0.89461", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04629", "scoring_system": "epss", "scoring_elements": "0.8948", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580", "reference_id": "503580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838", "reference_id": "CVE-2009-1838", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29", "reference_id": "mfsa2009-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1838" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkgb-xbu6-93fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2227?format=api", "vulnerability_id": "VCID-gkry-fmfu-93ax", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a\nmalicious NodeFilter could be created which would detach\nnodes from the DOM tree while it was being traversed. The use of a\ndetached and subsequently deleted node could result in the execution\nof attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02213", "scoring_system": "epss", "scoring_elements": "0.84768", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02213", "scoring_system": "epss", "scoring_elements": "0.84792", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615459", "reference_id": "615459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209", "reference_id": "CVE-2010-1209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36", "reference_id": "mfsa2010-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1209" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkry-fmfu-93ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2459?format=api", "vulnerability_id": "VCID-gnn7-kxvp-sqbd", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0348", "scoring_system": "epss", "scoring_elements": "0.87785", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0348", "scoring_system": "epss", "scoring_elements": "0.87807", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463190", "reference_id": "463190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058", "reference_id": "CVE-2008-4058", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4058" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnn7-kxvp-sqbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116834?format=api", "vulnerability_id": "VCID-gp4m-ysf8-7ug5", "summary": "security flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18653", "scoring_system": "epss", "scoring_elements": "0.95394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.18653", "scoring_system": "epss", "scoring_elements": "0.95402", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5052" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618336", "reference_id": "1618336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618336" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5052" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gp4m-ysf8-7ug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140489?format=api", "vulnerability_id": "VCID-gram-yge1-rff3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06763", "scoring_system": "epss", "scoring_elements": "0.9146", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06763", "scoring_system": "epss", "scoring_elements": "0.91473", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2671" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html", "reference_id": "CVE-2007-2671;OSVDB-35700", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html" }, { "reference_url": "https://www.securityfocus.com/bid/23747/info", "reference_id": "CVE-2007-2671;OSVDB-35700", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/23747/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2007-2671" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gram-yge1-rff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/156833?format=api", "vulnerability_id": "VCID-gsfm-92c8-nbce", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39119", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-5074" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsfm-92c8-nbce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2297?format=api", "vulnerability_id": "VCID-gspz-z5za-xffc", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01416", "scoring_system": "epss", "scoring_elements": "0.80902", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01416", "scoring_system": "epss", "scoring_elements": "0.80931", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953", "reference_id": "CVE-2012-1953", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1953" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gspz-z5za-xffc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2195?format=api", "vulnerability_id": "VCID-gtnu-ebdw-7uct", "summary": "Matt Haggard reported that\nthe statusText property of an XMLHttpRequest\nobject is readable by the requester even when the request is made\nacross origins. This status information reveals the presence of a web\nserver and could be used to gather information about servers on\ninternal private networks.This issue was also independently reported to Mozilla\nby Nicholas Berthaume", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00878", "scoring_system": "epss", "scoring_elements": "0.7569", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00878", "scoring_system": "epss", "scoring_elements": "0.75718", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630078", "reference_id": "630078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764", "reference_id": "CVE-2010-2764", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63", "reference_id": "mfsa2010-63", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2764" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtnu-ebdw-7uct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2668?format=api", "vulnerability_id": "VCID-gu93-f2uq-gfcm", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05615", "scoring_system": "epss", "scoring_elements": "0.9049", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05615", "scoring_system": "epss", "scoring_elements": "0.90504", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383", "reference_id": "CVE-2009-3383", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3383" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gu93-f2uq-gfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2225?format=api", "vulnerability_id": "VCID-gvz7-7pyc-vueq", "summary": "Security researcher Martin Barbella reported via\nTippingPoint's Zero Day Initiative that an XSLT node sorting routine\ncontained an integer overflow vulnerability. In cases where one of\nthe nodes to be sorted contained a very large text value, the integer\nused to allocate a memory buffer to store its value would overflow,\nresulting in too small a buffer being created. An attacker could use\nthis vulnerability to write data past the end of the buffer, causing\nthe browser to crash and potentially running arbitrary code on a\nvictim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42703", "scoring_system": "epss", "scoring_elements": "0.97543", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.42703", "scoring_system": "epss", "scoring_elements": "0.97547", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833", "reference_id": "590833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199", "reference_id": "CVE-2010-1199", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py", "reference_id": "CVE-2010-1199", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt", "reference_id": "CVE-2010-1199;OSVDB-65744", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41082/info", "reference_id": "CVE-2010-1199;OSVDB-65744", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/41082/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-30", "reference_id": "mfsa2010-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1199" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvz7-7pyc-vueq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2135?format=api", "vulnerability_id": "VCID-gzq8-a9pe-zyee", "summary": "Google security researcher Michal Zalewski\nreported that focus() could be used to change a user's\ncursor focus while they are typing, potentially directing their\nkeyboard input to an unintended location. This behavior was also\npresent across origins when content from one domain was embedded\nwithin another via an iframe. A malicious web page could use this\nbehavior to steal keystrokes from a victim while they were typing\nsensitive information such as a password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02114", "scoring_system": "epss", "scoring_elements": "0.84429", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02114", "scoring_system": "epss", "scoring_elements": "0.84452", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1125" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584", "reference_id": "577584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125", "reference_id": "CVE-2010-1125", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-31", "reference_id": "mfsa2010-31", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1125" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzq8-a9pe-zyee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116595?format=api", "vulnerability_id": "VCID-h2gc-q763-vfc5", "summary": ": Firefox DoS (crash) via crafted web site that triggers memory consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00947", "scoring_system": "epss", "scoring_elements": "0.76688", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00947", "scoring_system": "epss", "scoring_elements": "0.76717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0220" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=579085", "reference_id": "579085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579085" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0220" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-q763-vfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2437?format=api", "vulnerability_id": "VCID-h77t-hk1k-cyej", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17422", "scoring_system": "epss", "scoring_elements": "0.95192", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17422", "scoring_system": "epss", "scoring_elements": "0.952", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470883", "reference_id": "470883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017", "reference_id": "CVE-2008-5017", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5017" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h77t-hk1k-cyej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115232?format=api", "vulnerability_id": "VCID-h8au-2tec-kkbv", "summary": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.82856", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.82882", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3101" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://security.gentoo.org/glsa/201205-03", "reference_id": "GLSA-201205-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201205-03" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3101" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8au-2tec-kkbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2678?format=api", "vulnerability_id": "VCID-h911-mxru-5kbh", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06664", "scoring_system": "epss", "scoring_elements": "0.91384", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06664", "scoring_system": "epss", "scoring_elements": "0.91398", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1304" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496255", "reference_id": "496255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304", "reference_id": "CVE-2009-1304", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1304" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h911-mxru-5kbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2853?format=api", "vulnerability_id": "VCID-h919-wzxu-wqge", "summary": "Security researcher Aki Helin reported a crash\nin the YARR regular expression library that could be triggered by\njavascript in web content.\nThe YARR library was not used in older versions of\nthe Mozilla browser engine. This vulnerability does not affect\nFirefox 3.6 or Thunderbird 3.1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04527", "scoring_system": "epss", "scoring_elements": "0.8935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04527", "scoring_system": "epss", "scoring_elements": "0.89368", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661", "reference_id": "CVE-2011-3661", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54", "reference_id": "mfsa2011-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3661" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h919-wzxu-wqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2887?format=api", "vulnerability_id": "VCID-h9km-q4fb-hkcm", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08708", "scoring_system": "epss", "scoring_elements": "0.92633", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08708", "scoring_system": "epss", "scoring_elements": "0.92646", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2996" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741903", "reference_id": "741903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996", "reference_id": "CVE-2011-2996", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2996" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9km-q4fb-hkcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2413?format=api", "vulnerability_id": "VCID-hfs6-4xea-hufa", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free while replacing/inserting a node in a document.\nThis use-after-free could possibly allow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1946", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81135", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81163", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1946" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832", "reference_id": "827832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946", "reference_id": "CVE-2012-1946", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38", "reference_id": "mfsa2012-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1946" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfs6-4xea-hufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2637?format=api", "vulnerability_id": "VCID-hfx9-d6d1-5kbv", "summary": "Security researcher Gregory Fleischer reported\nthat the exception messages generated by\nMozilla's GeckoActiveXObject differ based on whether or\nnot the requested COM object's ProgID is present in the system\nregistry. A malicious site could use this vulnerability to enumerate\na list of COM objects installed on a user's system and create a\nprofile to track the user across browsing sessions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.74605", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.74636", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3987" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546729", "reference_id": "546729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987", "reference_id": "CVE-2009-3987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71", "reference_id": "mfsa2009-71", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3987" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfx9-d6d1-5kbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2684?format=api", "vulnerability_id": "VCID-hgvh-r793-d7e1", "summary": "Paul Nel reported that certain HTTP directives to\nnot cache web pages, Cache-Control: no-store and Cache-Control:\nno-cache for HTTPS pages, were being ignored by Firefox 3. On a\nshared system, applications relying upon these HTTP directives could\npotentially expose private data. Another user on the system could use\nthis vulnerability to view improperly cached pages containing private\ndata by navigating the browser back.Firefox 2 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4096", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41036", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0358" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483150", "reference_id": "483150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358", "reference_id": "CVE-2009-0358", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-06", "reference_id": "mfsa2009-06", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0358" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgvh-r793-d7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2467?format=api", "vulnerability_id": "VCID-hsqv-k32f-eqbv", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77527", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77554", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5511" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476285", "reference_id": "476285", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511", "reference_id": "CVE-2008-5511", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68", "reference_id": "mfsa2008-68", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5511" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsqv-k32f-eqbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2861?format=api", "vulnerability_id": "VCID-hsxq-pw7c-pydu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58599", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58646", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993", "reference_id": "CVE-2011-2993", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2993" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsxq-pw7c-pydu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2411?format=api", "vulnerability_id": "VCID-hsyn-kqfm-7yfm", "summary": "Security researcher Colby Russell discovered that eval in\nthe web console can execute injected code with chrome privileges, leading to the\nrunning of malicious code in a privileged context. This allows for arbitrary\ncode execution through a malicious web page if the web console is invoked by the\nuser.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02199", "scoring_system": "epss", "scoring_elements": "0.84723", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02199", "scoring_system": "epss", "scoring_elements": "0.84746", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3980" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851939", "reference_id": "851939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851939" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980", "reference_id": "CVE-2012-3980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72", "reference_id": "mfsa2012-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3980" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsyn-kqfm-7yfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2381?format=api", "vulnerability_id": "VCID-hugz-ntms-1uge", "summary": "Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08531", "scoring_system": "epss", "scoring_elements": "0.92529", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08531", "scoring_system": "epss", "scoring_elements": "0.92542", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=872753", "reference_id": "872753", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190", "reference_id": "CVE-2012-4190", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88", "reference_id": "mfsa2012-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4190" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hugz-ntms-1uge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115142?format=api", "vulnerability_id": "VCID-huz9-qp3y-vfgg", "summary": "Mozilla: SPDY information disclosure (MFSA 2012-73)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=859827", "reference_id": "859827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859827" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3977" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huz9-qp3y-vfgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2480?format=api", "vulnerability_id": "VCID-hwk2-xetj-kke7", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nvulnerabilities in the session-restore feature by which content could be\ninjected into an incorrect document storage location, including\nstorage locations for other domains. An attacker could utilize these\nissues to violate the browser's same-origin policy and perform an XSS\nattack while SessionStore data is being restored.moz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78336", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78362", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476289", "reference_id": "476289", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513", "reference_id": "CVE-2008-5513", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-69", "reference_id": "mfsa2008-69", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5513" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwk2-xetj-kke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2878?format=api", "vulnerability_id": "VCID-hwyg-nsg1-fub7", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87691", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87712", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0083" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083", "reference_id": "CVE-2011-0083", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0083" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwyg-nsg1-fub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2049?format=api", "vulnerability_id": "VCID-hyj5-89d4-wbcn", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04573", "scoring_system": "epss", "scoring_elements": "0.89395", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04573", "scoring_system": "epss", "scoring_elements": "0.89414", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "reference_id": "CVE-2012-5829", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-02", "reference_id": "mfsa2013-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" }, { "reference_url": "https://usn.ubuntu.com/1681-1/", "reference_id": "USN-1681-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1681-1/" }, { "reference_url": "https://usn.ubuntu.com/1681-2/", "reference_id": "USN-1681-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1681-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5829" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyj5-89d4-wbcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116605?format=api", "vulnerability_id": "VCID-j2vk-hxur-cyfa", "summary": "Thunderbird: DoS via large length property of a Select object", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08242", "scoring_system": "epss", "scoring_elements": "0.9237", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08242", "scoring_system": "epss", "scoring_elements": "0.92385", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512909", "reference_id": "512909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512909" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt", "reference_id": "OSVDB-56253;CVE-2009-2535", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2535" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2vk-hxur-cyfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2158?format=api", "vulnerability_id": "VCID-j4wy-buq8-kfg5", "summary": "Mozilla developer Daniel Holbert reported that the\nfix to the plugin parameter array crash that was fixed in Firefox\n3.6.7 caused a crash showing signs of memory corruption. In certain\ncircumstances, properties in the plugin instance's parameter array\ncould be freed prematurely leaving a dangling pointer that the plugin\ncould execute, potentially calling into attacker-controlled\nmemory.Firefox 3.5.11 was also affected by the regression\nbut the equivalent pointer was always initialized to NULL and \nnot exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10163", "scoring_system": "epss", "scoring_elements": "0.93247", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10163", "scoring_system": "epss", "scoring_elements": "0.93258", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=617657", "reference_id": "617657", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=617657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755", "reference_id": "CVE-2010-2755", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-48", "reference_id": "mfsa2010-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0556", "reference_id": "RHSA-2010:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0557", "reference_id": "RHSA-2010:0557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0558", "reference_id": "RHSA-2010:0558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0558" }, { "reference_url": "https://usn.ubuntu.com/930-6/", "reference_id": "USN-930-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-6/" }, { "reference_url": "https://usn.ubuntu.com/957-2/", "reference_id": "USN-957-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2755" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4wy-buq8-kfg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2635?format=api", "vulnerability_id": "VCID-j5rm-5key-eqh7", "summary": "Mozilla security researcher Jesse Ruderman reported\nthat when security modules were added or removed\nvia pkcs11.addmodule or pkcs11.deletemodule,\nthe resulting dialog was not sufficiently informative. Without\nsufficient warning, an attacker could entice a victim to install a\nmalicious PKCS11 module and affect the cryptographic integrity of the\nvictim's browser.Security researcher Dan Kaminsky reported that\nthis issue had not been fixed in Firefox 3.0 and that under certain\ncircumstances pkcs11 modules could be installed from a\nremote location.Firefox 3.5 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17599", "scoring_system": "epss", "scoring_elements": "0.95218", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17599", "scoring_system": "epss", "scoring_elements": "0.95225", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692", "reference_id": "521692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076", "reference_id": "CVE-2009-3076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt", "reference_id": "CVE-2009-3076;OSVDB-57977", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48", "reference_id": "mfsa2009-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3076" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5rm-5key-eqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2805?format=api", "vulnerability_id": "VCID-j62t-j6yb-7fdq", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.88942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8896", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700617", "reference_id": "700617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074", "reference_id": "CVE-2011-0074", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0074" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j62t-j6yb-7fdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2630?format=api", "vulnerability_id": "VCID-j8zw-dg26-hfbe", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89734", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89751", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765", "reference_id": "531765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379", "reference_id": "CVE-2009-3379", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1561", "reference_id": "RHSA-2009:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1561" }, { "reference_url": "https://usn.ubuntu.com/861-1/", "reference_id": "USN-861-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/861-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3379" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zw-dg26-hfbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2339?format=api", "vulnerability_id": "VCID-j97m-u5ab-4yfx", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84478", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84503", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3958" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958", "reference_id": "CVE-2012-3958", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3958" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j97m-u5ab-4yfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2600?format=api", "vulnerability_id": "VCID-jhrk-vntt-yqd7", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat a chrome XBL method can be used in conjunction\nwith window.eval to execute arbitrary JavaScript within\nthe context of another website, violating the same origin policy.Firefox 2 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.74222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.74255", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483142", "reference_id": "483142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354", "reference_id": "CVE-2009-0354", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-02", "reference_id": "mfsa2009-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0354" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhrk-vntt-yqd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2212?format=api", "vulnerability_id": "VCID-jjgg-6xps-wud3", "summary": "Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument. The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext. The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate. A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58572", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2751" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615480", "reference_id": "615480", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751", "reference_id": "CVE-2010-2751", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45", "reference_id": "mfsa2010-45", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2751" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjgg-6xps-wud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2891?format=api", "vulnerability_id": "VCID-jmw4-gesh-4bfj", "summary": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71052", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71094", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413", "reference_id": "617413", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", "reference_id": "684386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202", "reference_id": "CVE-2011-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18", "reference_id": "mfsa2011-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-1202" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmw4-gesh-4bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2642?format=api", "vulnerability_id": "VCID-jppt-hyxw-gqa8", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07076", "scoring_system": "epss", "scoring_elements": "0.91664", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07076", "scoring_system": "epss", "scoring_elements": "0.91676", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662", "reference_id": "CVE-2009-2662", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45", "reference_id": "mfsa2009-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2662" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jppt-hyxw-gqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2383?format=api", "vulnerability_id": "VCID-jq9x-1rxz-1qb2", "summary": "Mozilla developer Tim Abraldes reported that when encoding\nimages as image/vnd.microsoft.icon the resulting data was always a\nfixed size, with uninitialized memory appended as padding beyond the size of the\nactual image. This is the result of mImageBufferSize in the encoder being\ninitialized with a value different than the size of the source image. There is\nthe possibility of sensitive data from uninitialized memory being appended to a\nPNG image when converted from an ICO format image. This sensitive data may then\nbe disclosed in the resulting image.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69833", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69873", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447", "reference_id": "CVE-2012-0447", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06", "reference_id": "mfsa2012-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0447" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jq9x-1rxz-1qb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115414?format=api", "vulnerability_id": "VCID-jqh9-88vc-fyfc", "summary": "firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47547", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47611", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=761550", "reference_id": "761550", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761550" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-4688" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh9-88vc-fyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2396?format=api", "vulnerability_id": "VCID-jqkh-dzuz-r7f1", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01723", "scoring_system": "epss", "scoring_elements": "0.82751", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01723", "scoring_system": "epss", "scoring_elements": "0.82777", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1937" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937", "reference_id": "CVE-2012-1937", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1937" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqkh-dzuz-r7f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2614?format=api", "vulnerability_id": "VCID-jt5p-kykj-7bcm", "summary": "Mozilla security researcher Georgi Guninski\nreported that a website could use nsIRDFService and a\ncross-domain redirect to steal arbitrary XML data from another domain,\na violation of the same-origin policy. This vulnerability could be\nused by a malicious website to steal private data from users\nauthenticated to the redirected website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00865", "scoring_system": "epss", "scoring_elements": "0.75476", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00865", "scoring_system": "epss", "scoring_elements": "0.75505", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488290", "reference_id": "488290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776", "reference_id": "CVE-2009-0776", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-09", "reference_id": "mfsa2009-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0776" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt5p-kykj-7bcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115103?format=api", "vulnerability_id": "VCID-jwu5-m6ea-d7cb", "summary": "Mozilla: Select element persistance allows for attacks (MFSA 2012-75)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75811", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616", "reference_id": "863616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5354" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwu5-m6ea-d7cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2883?format=api", "vulnerability_id": "VCID-jzg1-phde-nqe5", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81161", "scoring_system": "epss", "scoring_elements": "0.99182", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.81161", "scoring_system": "epss", "scoring_elements": "0.99183", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0073" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700619", "reference_id": "700619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073", "reference_id": "CVE-2011-0073", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-11-157/", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-157/" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0073" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzg1-phde-nqe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2460?format=api", "vulnerability_id": "VCID-k3e3-amtm-3qbz", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07556", "scoring_system": "epss", "scoring_elements": "0.91972", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07556", "scoring_system": "epss", "scoring_elements": "0.91984", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4059" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463192", "reference_id": "463192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463192" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059", "reference_id": "CVE-2008-4059", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4059" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3e3-amtm-3qbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2188?format=api", "vulnerability_id": "VCID-k4zg-4qj2-r7eg", "summary": "Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random(). Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user. This additional variant is\nidentified as CVE-2010-3171.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63166", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.6321", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938", "reference_id": "480938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913", "reference_id": "CVE-2008-5913", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33", "reference_id": "mfsa2010-33", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5913" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4zg-4qj2-r7eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2866?format=api", "vulnerability_id": "VCID-k5t5-zv4u-w7am", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04023", "scoring_system": "epss", "scoring_elements": "0.88678", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04023", "scoring_system": "epss", "scoring_elements": "0.88695", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2374" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374", "reference_id": "CVE-2011-2374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2374" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5t5-zv4u-w7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2616?format=api", "vulnerability_id": "VCID-kakw-qs85-wkek", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05238", "scoring_system": "epss", "scoring_elements": "0.90135", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05238", "scoring_system": "epss", "scoring_elements": "0.90151", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521684", "reference_id": "521684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069", "reference_id": "CVE-2009-3069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3069" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kakw-qs85-wkek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2629?format=api", "vulnerability_id": "VCID-kg61-mkup-83e9", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07", "scoring_system": "epss", "scoring_elements": "0.91616", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07", "scoring_system": "epss", "scoring_elements": "0.91628", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3377" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531770", "reference_id": "531770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377", "reference_id": "CVE-2009-3377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3377" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kg61-mkup-83e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2222?format=api", "vulnerability_id": "VCID-kh38-ksfk-b3cp", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.8731", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.87332", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630055", "reference_id": "630055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169", "reference_id": "CVE-2010-3169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-49", "reference_id": "mfsa2010-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3169" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kh38-ksfk-b3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2880?format=api", "vulnerability_id": "VCID-kjtt-7579-63ep", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87691", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87712", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0085" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085", "reference_id": "CVE-2011-0085", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0085" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjtt-7579-63ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2894?format=api", "vulnerability_id": "VCID-kvbr-8c7s-ubey", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08632", "scoring_system": "epss", "scoring_elements": "0.92584", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08632", "scoring_system": "epss", "scoring_elements": "0.92597", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654", "reference_id": "CVE-2011-3654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3654" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvbr-8c7s-ubey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2260?format=api", "vulnerability_id": "VCID-kxv9-1d1t-rueg", "summary": "Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.69191", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.6923", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877627", "reference_id": "877627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208", "reference_id": "CVE-2012-4208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99", "reference_id": "mfsa2012-99", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4208" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxv9-1d1t-rueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2475?format=api", "vulnerability_id": "VCID-kzs1-hx2t-y7da", "summary": "Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to\nstore cookie-like information on a user's computer which could later\nbe read by a website. This creates a privacy issue for users who have\na non-standard cookie preference and wish to prevent sites from\nsetting cookies on their machine. Even with cookies turned off, this\nissue could be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions. Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.74956", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.74984", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5505" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476274", "reference_id": "476274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505", "reference_id": "CVE-2008-5505", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-63", "reference_id": "mfsa2008-63", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5505" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzs1-hx2t-y7da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2348?format=api", "vulnerability_id": "VCID-m66w-2zgj-kqhr", "summary": "Security researcher Soroush Dalili reported that a\ncombination of invoking full screen mode and navigating backwards in history\ncould, in some circumstances, cause a hang or crash due to a timing dependent\nuse-after-free pointer reference. This crash may be potentially exploitable.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0399", "scoring_system": "epss", "scoring_elements": "0.88619", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0399", "scoring_system": "epss", "scoring_elements": "0.88637", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619", "reference_id": "863619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988", "reference_id": "CVE-2012-3988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-79", "reference_id": "mfsa2012-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3988" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m66w-2zgj-kqhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2450?format=api", "vulnerability_id": "VCID-m6ya-dpyt-fyas", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03767", "scoring_system": "epss", "scoring_elements": "0.88247", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03767", "scoring_system": "epss", "scoring_elements": "0.88266", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5502" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476269", "reference_id": "476269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502", "reference_id": "CVE-2008-5502", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5502" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6ya-dpyt-fyas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2178?format=api", "vulnerability_id": "VCID-m7be-rjrq-r7gv", "summary": "Mozilla developer Blake Kaplan reported that the \nwindow.location object was made a normal overridable JavaScript object\nin the Firefox 3.6 browser engine (Gecko 1.9.2) because new mechanisms\nwere developed to enforce the same-origin policy between windows and frames.\nThis object is unfortunately also used by some plugins to determine the page\norigin used for access restrictions. A malicious page could override this\nobject to fool a plugin into granting access to data on another site or the\nlocal file system. The behavior of older Firefox versions has been restored.\nThis flaw does not affect earlier versions of Firefox, or other\nprograms such as Thunderbird or SeaMonkey built on older versions\nof the browser engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66287", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66338", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170", "reference_id": "CVE-2010-0170", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10", "reference_id": "mfsa2010-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0170" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7be-rjrq-r7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2354?format=api", "vulnerability_id": "VCID-m8k4-hqc3-57f8", "summary": "Security researcher Collin Jackson reported a violation of\nthe HTML5 specifications for document.domain behavior. Specified\nbehavior requires pages to only have access to windows in a new\ndocument.domain but the observed violation allowed pages to retain\naccess to windows from the page's initial origin in addition to the new\ndocument.domain. This could potentially lead to cross-site\nscripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.76394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.76422", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863617", "reference_id": "863617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985", "reference_id": "CVE-2012-3985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-76", "reference_id": "mfsa2012-76", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-76" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3985" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8k4-hqc3-57f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2620?format=api", "vulnerability_id": "VCID-m92z-gnyf-gucn", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06345", "scoring_system": "epss", "scoring_elements": "0.9115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06345", "scoring_system": "epss", "scoring_elements": "0.91163", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690", "reference_id": "521690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074", "reference_id": "CVE-2009-3074", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3074" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m92z-gnyf-gucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2677?format=api", "vulnerability_id": "VCID-meap-trqg-3qh9", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02802", "scoring_system": "epss", "scoring_elements": "0.86389", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02802", "scoring_system": "epss", "scoring_elements": "0.86412", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1303" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253", "reference_id": "496253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303", "reference_id": "CVE-2009-1303", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1303" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-meap-trqg-3qh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2331?format=api", "vulnerability_id": "VCID-mf9j-kke2-bfak", "summary": "Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78395", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78422", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623", "reference_id": "863623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184", "reference_id": "CVE-2012-4184", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83", "reference_id": "mfsa2012-83", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4184" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mf9j-kke2-bfak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2249?format=api", "vulnerability_id": "VCID-mfnv-gyq3-eufj", "summary": "Security researcher Paul Stone reported an attack where an\nHTML page hosted on a Windows share and then loaded could then load Windows\nshortcut files (.lnk) in the same share. These shortcut files could then link to\narbitrary locations on the local file system of the individual loading the HTML\npage. That page could show the contents of these linked files or directories\nfrom the local file system in an iframe, causing information disclosure.\nThis issue could potentially affect Linux machines with samba\nshares enabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4096", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41036", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1945" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831", "reference_id": "827831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945", "reference_id": "CVE-2012-1945", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37", "reference_id": "mfsa2012-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1945" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfnv-gyq3-eufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2205?format=api", "vulnerability_id": "VCID-mg1g-83ha-ekgc", "summary": "Mozilla cryptographer Nelson Bolyard reported that\nthe SSL implementation was permitting servers to use Diffie-Hellman\nEphemeral mode (DHE) with too short of a minimum key length. DHE keys\nof such lengths are trivially breakable on modern hardware so SSL\nservers operating in this mode were providing very little effective\nsecurity for their clients.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02315", "scoring_system": "epss", "scoring_elements": "0.85078", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02315", "scoring_system": "epss", "scoring_elements": "0.85102", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3173" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642302", "reference_id": "642302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173", "reference_id": "CVE-2010-3173", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-72", "reference_id": "mfsa2010-72", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-72" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://usn.ubuntu.com/1007-1/", "reference_id": "USN-1007-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1007-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3173" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mg1g-83ha-ekgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2380?format=api", "vulnerability_id": "VCID-mhjx-g26j-87gc", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02745", "scoring_system": "epss", "scoring_elements": "0.86263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02745", "scoring_system": "epss", "scoring_elements": "0.86285", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3970" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922", "reference_id": "851922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970", "reference_id": "CVE-2012-3970", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3970" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhjx-g26j-87gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2410?format=api", "vulnerability_id": "VCID-mpwt-9awb-mkh4", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\ncertain security checks in the location object can be bypassed if chrome code is\ncalled content in a specific manner. This allowed for the loading of restricted\ncontent. This can be combined with other issues to become potentially\nexploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.80012", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.80038", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3978" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851937", "reference_id": "851937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851937" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978", "reference_id": "CVE-2012-3978", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70", "reference_id": "mfsa2012-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3978" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpwt-9awb-mkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2290?format=api", "vulnerability_id": "VCID-mq5h-749h-53ff", "summary": "Mozilla developer Johnny Stenback discovered that several\nmethods of a feature used for testing (DOMWindowUtils) are not protected by\nexisting security checks, allowing these methods to be called through script by\nweb pages. This was addressed by adding the existing security checks to these\nmethods.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75068", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75097", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618", "reference_id": "863618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986", "reference_id": "CVE-2012-3986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-77", "reference_id": "mfsa2012-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-77" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3986" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mq5h-749h-53ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2242?format=api", "vulnerability_id": "VCID-mr6q-j2dx-yub6", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69629", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69669", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920", "reference_id": "851920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967", "reference_id": "CVE-2012-3967", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3967" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mr6q-j2dx-yub6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2659?format=api", "vulnerability_id": "VCID-msm9-wpc5-uyhc", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07679", "scoring_system": "epss", "scoring_elements": "0.92047", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07679", "scoring_system": "epss", "scoring_elements": "0.9206", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488272", "reference_id": "488272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771", "reference_id": "CVE-2009-0771", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0771" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msm9-wpc5-uyhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2657?format=api", "vulnerability_id": "VCID-mua7-tbmx-6fgr", "summary": "An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, reported that the columns of a XUL tree element could be\nmanipulated in a particular way which would leave a pointer owned by\nthe column pointing to freed memory. An attacker could potentially\nuse this vulnerability to crash a victim's browser and run arbitrary\ncode on the victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90327", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90342", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693", "reference_id": "521693", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077", "reference_id": "CVE-2009-3077", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49", "reference_id": "mfsa2009-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3077" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mua7-tbmx-6fgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2191?format=api", "vulnerability_id": "VCID-mvt7-a39m-s7ag", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88413", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88431", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3176" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "reference_id": "642272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176", "reference_id": "CVE-2010-3176", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3176" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mvt7-a39m-s7ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2408?format=api", "vulnerability_id": "VCID-mwtn-7mbw-bfc6", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03101", "scoring_system": "epss", "scoring_elements": "0.87047", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03101", "scoring_system": "epss", "scoring_elements": "0.8707", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840201", "reference_id": "840201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948", "reference_id": "CVE-2012-1948", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42", "reference_id": "mfsa2012-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1948" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwtn-7mbw-bfc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2893?format=api", "vulnerability_id": "VCID-mz1n-193x-qqhn", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03926", "scoring_system": "epss", "scoring_elements": "0.88524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03926", "scoring_system": "epss", "scoring_elements": "0.88542", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652", "reference_id": "CVE-2011-3652", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3652" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mz1n-193x-qqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2803?format=api", "vulnerability_id": "VCID-mza1-376r-c3bm", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88839", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88856", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700640", "reference_id": "700640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070", "reference_id": "CVE-2011-0070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0070" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mza1-376r-c3bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2611?format=api", "vulnerability_id": "VCID-n2jn-bkz2-yygh", "summary": "Security researcher Takehiro Takahashi of the IBM\nX-Force reported that Mozilla's NTLM implementation was vulnerable to\nreflection attacks in which NTLM credentials from one application\ncould be forwarded to another arbitrary application via the browser.\nIf an attacker could get a user to visit a web page he controlled he\ncould force NTLM authenticated requests to be forwarded to another\napplication on behalf of the user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.7158", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71624", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720", "reference_id": "546720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983", "reference_id": "CVE-2009-3983", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68", "reference_id": "mfsa2009-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3983" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2jn-bkz2-yygh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2259?format=api", "vulnerability_id": "VCID-n4a2-kntd-sug6", "summary": "Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62904", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62946", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446", "reference_id": "CVE-2012-0446", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05", "reference_id": "mfsa2012-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0446" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4a2-kntd-sug6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2660?format=api", "vulnerability_id": "VCID-n4t9-vspp-y7br", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07324", "scoring_system": "epss", "scoring_elements": "0.91828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07324", "scoring_system": "epss", "scoring_elements": "0.91841", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488273", "reference_id": "488273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772", "reference_id": "CVE-2009-0772", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0772" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4t9-vspp-y7br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2685?format=api", "vulnerability_id": "VCID-n4ww-93jx-8uhk", "summary": "Security researcher Orlando Berrera of Sec Theory\nreported that recursive creation of JavaScript web-workers can be used\nto create a set of objects whose memory could be freed prior to their\nuse. These conditions often result in a crash which could potentially\nbe used by an attacker to run arbitrary code on a victim's\ncomputer.Web Workers were introduced in Firefox 3.5 so this\nvulnerability did not affect earlier releases such as Firefox 3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02682", "scoring_system": "epss", "scoring_elements": "0.86124", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02682", "scoring_system": "epss", "scoring_elements": "0.86145", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371", "reference_id": "CVE-2009-3371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54", "reference_id": "mfsa2009-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3371" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4ww-93jx-8uhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=api", "vulnerability_id": "VCID-nbbh-ws5y-3uh4", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. This can cause a crash during decoding and has\nthe potential for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08973", "scoring_system": "epss", "scoring_elements": "0.92753", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08973", "scoring_system": "epss", "scoring_elements": "0.92766", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197", "reference_id": "664197", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026", "reference_id": "786026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444", "reference_id": "CVE-2012-0444", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07", "reference_id": "mfsa2012-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0136", "reference_id": "RHSA-2012:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0136" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" }, { "reference_url": "https://usn.ubuntu.com/1370-1/", "reference_id": "USN-1370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1370-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0444" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2138?format=api", "vulnerability_id": "VCID-nchh-872w-vkh3", "summary": "Mozilla developer Justin Dolske reported that the new\nasynchronous Authorization Prompt (HTTP username and password) was not\nalways attached to the correct window. Although we have not\ndemonstrated this, it may be possible for a malicious page to convince\na user to open a new tab or popup to a trusted service and then have\nthe HTTP authorization prompt from the malicious page appear to be\nthe login prompt for the trusted page. This potential attack is greatly\nmitigated by the fact that very few web sites use HTTP authorization,\npreferring instead to use web forms and cookies.This issue does not affect older versions of Firefox or\nproducts based on the Mozilla browser engine, such as Thunderbird and\nSeaMonkey, using an older version of the engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67804", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67844", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172", "reference_id": "CVE-2010-0172", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15", "reference_id": "mfsa2010-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0172" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nchh-872w-vkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2827?format=api", "vulnerability_id": "VCID-ngf4-yj5g-qfg2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05475", "scoring_system": "epss", "scoring_elements": "0.90378", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05475", "scoring_system": "epss", "scoring_elements": "0.90364", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0084" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730519", "reference_id": "730519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084", "reference_id": "CVE-2011-0084", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0084" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngf4-yj5g-qfg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2807?format=api", "vulnerability_id": "VCID-nm6h-k6v3-qbeu", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.88942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8896", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700613", "reference_id": "700613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077", "reference_id": "CVE-2011-0077", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0077" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nm6h-k6v3-qbeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2370?format=api", "vulnerability_id": "VCID-np3j-5bej-jbcf", "summary": "Mozilla community member Daniel Glazman of Disruptive\nInnovations reported a crash when accessing a keyframe's cssText after dynamic\nmodification. This crash may be potentially exploitable.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03436", "scoring_system": "epss", "scoring_elements": "0.87699", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03436", "scoring_system": "epss", "scoring_elements": "0.8772", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803112", "reference_id": "803112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459", "reference_id": "CVE-2012-0459", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-17", "reference_id": "mfsa2012-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0459" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-np3j-5bej-jbcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2155?format=api", "vulnerability_id": "VCID-ns97-bju9-4kam", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. This integer is later used in allocating a memory buffer used\nto store the plugin parameters. Under such conditions, too small a\nbuffer would be created and attacker-controlled data could be written\npast the end of the buffer, potentially resulting in code\nexecution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0734", "scoring_system": "epss", "scoring_elements": "0.91838", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0734", "scoring_system": "epss", "scoring_elements": "0.91851", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1214" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462", "reference_id": "615462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214", "reference_id": "CVE-2010-1214", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py", "reference_id": "CVE-2010-1214", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt", "reference_id": "CVE-2010-1214;OSVDB-66594", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41842/info", "reference_id": "CVE-2010-1214;OSVDB-66594", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/41842/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37", "reference_id": "mfsa2010-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1214" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ns97-bju9-4kam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2368?format=api", "vulnerability_id": "VCID-nvpe-v8jh-fqdk", "summary": "Security researcher Mario Heiderich reported that javascript\ncould be executed in the HTML feed-view using <embed> tag\nwithin the RSS <description>. This problem is due to\n<embed> tags not being filtered out during parsing and can\nlead to a potential cross-site scripting (XSS) attack. The flaw existed in a\nparser utility class and could affect other parts of the browser or add-ons\nwhich rely on that class to sanitize untrusted input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77317", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77346", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208", "reference_id": "840208", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957", "reference_id": "CVE-2012-1957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47", "reference_id": "mfsa2012-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1957" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvpe-v8jh-fqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2609?format=api", "vulnerability_id": "VCID-nzh8-6y4s-b3ha", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93338", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93349", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503569", "reference_id": "503569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832", "reference_id": "CVE-2009-1832", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1832" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzh8-6y4s-b3ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2395?format=api", "vulnerability_id": "VCID-p4hy-8me4-wyhk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03612", "scoring_system": "epss", "scoring_elements": "0.87995", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03612", "scoring_system": "epss", "scoring_elements": "0.88016", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1939" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939", "reference_id": "CVE-2012-1939", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1939" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4hy-8me4-wyhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116463?format=api", "vulnerability_id": "VCID-pby3-xaup-j3cw", "summary": "firefox: (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530162", "reference_id": "530162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530162" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1563" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pby3-xaup-j3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116609?format=api", "vulnerability_id": "VCID-pcxh-pchx-33ar", "summary": "firefox 3.5 various flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04071", "scoring_system": "epss", "scoring_elements": "0.88745", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04071", "scoring_system": "epss", "scoring_elements": "0.88763", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py", "reference_id": "OSVDB-55932;CVE-2009-2478", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2478" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcxh-pchx-33ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116377?format=api", "vulnerability_id": "VCID-pdqy-18cz-tkhb", "summary": "webkit: stylesheet URL property leaks redirection target", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.6352", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=568170", "reference_id": "568170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0648" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdqy-18cz-tkhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=api", "vulnerability_id": "VCID-pjqn-kghb-k7fs", "summary": "Mozilla developer Wladimir Palant reported that\nstylesheets used in remote XUL documents can wind up in the XUL cache\nwhere it can later be accessed by browser chrome for use in styling\nthe user interface. A malicious website could use this issue to\npollute a user's XUL cache and change style attributes of their\nbrowser such as font size and color.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.6251", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62556", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576694", "reference_id": "576694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169", "reference_id": "CVE-2010-0169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14", "reference_id": "mfsa2010-14", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0169" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqn-kghb-k7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2235?format=api", "vulnerability_id": "VCID-pmmt-y31z-q3h1", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0442", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01441", "scoring_system": "epss", "scoring_elements": "0.81067", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01441", "scoring_system": "epss", "scoring_elements": "0.81095", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0442" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785085", "reference_id": "785085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442", "reference_id": "CVE-2012-0442", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01", "reference_id": "mfsa2012-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0084", "reference_id": "RHSA-2012:0084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0085", "reference_id": "RHSA-2012:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0085" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0442" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmmt-y31z-q3h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2675?format=api", "vulnerability_id": "VCID-pua3-9myf-akfg", "summary": "Security researcher Juan Pablo Lopez Yacubian\nreported that the default Windows font used to render the locationbar\nand other text fields was improperly displaying certain Unicode\ncharacters with tall line-height. In such cases the tall line-height\nwould cause the rest of the text in the input field to be scrolled\nvertically out of view. An attacker could use this vulnerability to\nprevent a user from seeing the URL of a malicious site.Corrie Sloot also independently reported this\nissue to Mozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.8276", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.82785", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694", "reference_id": "521694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078", "reference_id": "CVE-2009-3078", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50", "reference_id": "mfsa2009-50", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3078" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pua3-9myf-akfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2194?format=api", "vulnerability_id": "VCID-pykb-a18b-dbf8", "summary": "Security researcher Chris Rohlf of Matasano\nSecurity reported that the implementation of the HTML frameset element\ncontained an integer overflow vulnerability. The code responsible for\nparsing the frameset columns used an 8-byte counter for the column\nnumbers, so when a very large number of columns was passed in the\ncounter would overflow. When this counter was subsequently used to\nallocate memory for the frameset, the memory buffer would be too\nsmall, potentially resulting in a heap buffer overflow and execution\nof attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04021", "scoring_system": "epss", "scoring_elements": "0.8867", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04021", "scoring_system": "epss", "scoring_elements": "0.88687", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630056", "reference_id": "630056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765", "reference_id": "CVE-2010-2765", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50", "reference_id": "mfsa2010-50", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2765" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pykb-a18b-dbf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2470?format=api", "vulnerability_id": "VCID-q1mu-jcve-4kgv", "summary": "Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02832", "scoring_system": "epss", "scoring_elements": "0.86452", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02832", "scoring_system": "epss", "scoring_elements": "0.86476", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=464041", "reference_id": "464041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070", "reference_id": "CVE-2008-4070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-46", "reference_id": "mfsa2008-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4070" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1mu-jcve-4kgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2336?format=api", "vulnerability_id": "VCID-q24e-mb35-tqhk", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03172", "scoring_system": "epss", "scoring_elements": "0.87177", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03172", "scoring_system": "epss", "scoring_elements": "0.872", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976", "reference_id": "CVE-2012-1976", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1976" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q24e-mb35-tqhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2219?format=api", "vulnerability_id": "VCID-q5qh-c85t-tygr", "summary": "Mozilla added the OTS\nfont sanitizing library to prevent downloadable fonts from exposing\nvulnerabilities in the underlying OS font code. This library mitigates\nagainst several issues independently reported by Red Hat Security\nResponse Team member Marc Schoenefeld and Mozilla\nsecurity researcher Christoph Diehl.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06139", "scoring_system": "epss", "scoring_elements": "0.90966", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06139", "scoring_system": "epss", "scoring_elements": "0.90979", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420", "reference_id": "660420", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768", "reference_id": "CVE-2010-3768", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-78", "reference_id": "mfsa2010-78", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-78" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3768" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5qh-c85t-tygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2886?format=api", "vulnerability_id": "VCID-q6wy-vbkn-5ybk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86064", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86085", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741902", "reference_id": "741902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995", "reference_id": "CVE-2011-2995", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2995" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6wy-vbkn-5ybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2377?format=api", "vulnerability_id": "VCID-q89u-vxqk-mbhv", "summary": "Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01959", "scoring_system": "epss", "scoring_elements": "0.83825", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01959", "scoring_system": "epss", "scoring_elements": "0.83849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616", "reference_id": "877616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201", "reference_id": "CVE-2012-4201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93", "reference_id": "mfsa2012-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4201" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q89u-vxqk-mbhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2237?format=api", "vulnerability_id": "VCID-q9j1-5s74-5ugv", "summary": "Security research Nicolas Grégoire used the Address\nSanitizer tool to discover an out-of-bounds read in the format-number feature of\nXSLT, which can cause inaccurate formatting of numbers and information leakage.\nThis is not directly exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04549", "scoring_system": "epss", "scoring_elements": "0.89373", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04549", "scoring_system": "epss", "scoring_elements": "0.89391", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3972" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851924", "reference_id": "851924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972", "reference_id": "CVE-2012-3972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65", "reference_id": "mfsa2012-65", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3972" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9j1-5s74-5ugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2622?format=api", "vulnerability_id": "VCID-q9yf-bpwj-cfcy", "summary": "Security researcher Gregory Fleischer reported\nthat text within a selection on a web page can be read by JavaScript\nin a different domain using the document.getSelection\nfunction, violating the same-origin policy. Since this vulnerability\nrequires user interaction to exploit, its severity was determined to\nbe moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64526", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64569", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530167", "reference_id": "530167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375", "reference_id": "CVE-2009-3375", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61", "reference_id": "mfsa2009-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3375" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9yf-bpwj-cfcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140824?format=api", "vulnerability_id": "VCID-qajb-6htt-h7cq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81343", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.8137", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3073" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2007-3073" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qajb-6htt-h7cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2193?format=api", "vulnerability_id": "VCID-qb9j-sn9f-hye6", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03201", "scoring_system": "epss", "scoring_elements": "0.87239", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03201", "scoring_system": "epss", "scoring_elements": "0.87262", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174", "reference_id": "CVE-2010-3174", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3174" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9j-sn9f-hye6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2201?format=api", "vulnerability_id": "VCID-qd2f-p5n6-yqa8", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05098", "scoring_system": "epss", "scoring_elements": "0.89992", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05098", "scoring_system": "epss", "scoring_elements": "0.90008", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778", "reference_id": "CVE-2010-3778", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3778" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qd2f-p5n6-yqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2142?format=api", "vulnerability_id": "VCID-qerq-fger-47fb", "summary": "Security researcher wushi of team509 reported that\nwhen a XUL tree had an HTML <div> element nested inside a\n<treechildren> element then code attempting to display content\nin the XUL tree would incorrectly treat the <div> element as a\nparent node to tree content underneath it resulting in incorrect\nindexes being calculated for the child content. These incorrect\nindexes were used in subsequent array operations which resulted in\nwriting data past the end of an allocated buffer. An attacker could\nuse this issue to crash a victim's browser and run arbitrary code on\ntheir machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90327", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90342", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660419", "reference_id": "660419", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772", "reference_id": "CVE-2010-3772", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77", "reference_id": "mfsa2010-77", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3772" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qerq-fger-47fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115552?format=api", "vulnerability_id": "VCID-qmjx-ueen-sqaw", "summary": "Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57422", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57475", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2605" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2605" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmjx-ueen-sqaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=api", "vulnerability_id": "VCID-qq5u-em1p-9kat", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0757", "scoring_system": "epss", "scoring_elements": "0.91981", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0757", "scoring_system": "epss", "scoring_elements": "0.91993", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173", "reference_id": "CVE-2010-0173", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16", "reference_id": "mfsa2010-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0173" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5u-em1p-9kat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106633?format=api", "vulnerability_id": "VCID-qs4d-hm8w-jfcm", "summary": "The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03757", "scoring_system": "epss", "scoring_elements": "0.88237", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03757", "scoring_system": "epss", "scoring_elements": "0.88256", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936", "reference_id": "422936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt", "reference_id": "CVE-2007-2437;OSVDB-34905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt" }, { "reference_url": "https://www.securityfocus.com/bid/23741/info", "reference_id": "CVE-2007-2437;OSVDB-34905", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/23741/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2007-2437" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs4d-hm8w-jfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115597?format=api", "vulnerability_id": "VCID-qsqe-9qf4-tqag", "summary": "firefox: doesn't (re)validate certificates when loading HTTPS page", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62568", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62614", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0082" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709165", "reference_id": "709165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709165" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0082" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsqe-9qf4-tqag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2623?format=api", "vulnerability_id": "VCID-qtgw-bjrx-sug7", "summary": "IOActive security researcher Dan Kaminsky reported a\nmismatch in the treatment of domain names in SSL certificates between SSL\nclients and the Certificate Authorities (CA) which issue server certificates.\nIn particular, if a malicious person requested a certificate for a host name\nwith an invalid null character in it most CAs would issue the\ncertificate if the requester owned the domain specified after the null, while\nmost SSL clients (browsers) ignored that part of the name and used the\nunvalidated part in front of the null. This made it possible for attackers to\nobtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted\ncommunication between the client and a server such as sensitive bank\naccount transactions.This vulnerability was independently reported to us by researcher\nMoxie Marlinspike who also noted that since Firefox\nrelies on SSL to protect the integrity of security updates this attack\ncould be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability\nResearch team for coordinating a multiple-vendor response to this problem.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01855", "scoring_system": "epss", "scoring_elements": "0.83376", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01855", "scoring_system": "epss", "scoring_elements": "0.834", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251", "reference_id": "510251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934", "reference_id": "539934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408", "reference_id": "CVE-2009-2408", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-42", "reference_id": "mfsa2009-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1184", "reference_id": "RHSA-2009:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1186", "reference_id": "RHSA-2009:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1190", "reference_id": "RHSA-2009:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1207", "reference_id": "RHSA-2009:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://usn.ubuntu.com/810-1/", "reference_id": "USN-810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2408" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtgw-bjrx-sug7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2650?format=api", "vulnerability_id": "VCID-qu47-gy34-3fhf", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XPCOM utility XPCVariant::VariantDataToJS\nunwrapped doubly-wrapped objects before returning them to chrome\ncallers. This could result in chrome privileged code calling methods\non an object which had previously been created or modified by web\ncontent, potentially executing malicious JavaScript code with chrome\nprivileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75836", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75862", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3374" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530157", "reference_id": "530157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374", "reference_id": "CVE-2009-3374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57", "reference_id": "mfsa2009-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3374" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qu47-gy34-3fhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2457?format=api", "vulnerability_id": "VCID-qy7t-uj8w-cyg3", "summary": "Mozilla developer Georgi Guninski reported that\nthe canvas element could be used in conjunction with an HTTP redirect\nto bypass same-origin restrictions and gain access to the content in\narbitrary images from other domains. This vulnerability could be used\nby an attacker to steal private information from a victim who is\nlogged into a website that stores the data in images.Security researchers Michal Zalewski\nand Chris Evans also reported an additional threat\ncaused by this vulnerability in which an attacker can enumerate the\nsoftware installed on a victim's computer by using moz-icon as the\nredirection target.Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05969", "scoring_system": "epss", "scoring_elements": "0.90822", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05969", "scoring_system": "epss", "scoring_elements": "0.90837", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5012" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470864", "reference_id": "470864", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012", "reference_id": "CVE-2008-5012", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-48", "reference_id": "mfsa2008-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5012" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qy7t-uj8w-cyg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2241?format=api", "vulnerability_id": "VCID-qys7-5evw-9yh6", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83363", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83387", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920", "reference_id": "851920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968", "reference_id": "CVE-2012-3968", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3968" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qys7-5evw-9yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2842?format=api", "vulnerability_id": "VCID-qz3r-49sk-53c9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17807", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17885", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980", "reference_id": "CVE-2011-2980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2980" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qz3r-49sk-53c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2338?format=api", "vulnerability_id": "VCID-r13k-4hde-9uhe", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02961", "scoring_system": "epss", "scoring_elements": "0.86744", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02961", "scoring_system": "epss", "scoring_elements": "0.86767", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957", "reference_id": "CVE-2012-3957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3957" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r13k-4hde-9uhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2152?format=api", "vulnerability_id": "VCID-r1ky-v2fu-mfbz", "summary": "Security researcher Sergey Glazunov reported that\nit was possible to access the locationbar property of\na window object after it had been closed. Since the\nclosed window's memory could have been subsequently\nreused by the system it was possible that an attempt to access\nthe locationbar property could result in the execution of\nattacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90327", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.90342", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "reference_id": "642283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180", "reference_id": "CVE-2010-3180", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-66", "reference_id": "mfsa2010-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3180" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ky-v2fu-mfbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2343?format=api", "vulnerability_id": "VCID-r3ec-2a2x-q3az", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04219", "scoring_system": "epss", "scoring_elements": "0.88946", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04219", "scoring_system": "epss", "scoring_elements": "0.88963", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962", "reference_id": "CVE-2012-3962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3962" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3ec-2a2x-q3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2593?format=api", "vulnerability_id": "VCID-r3sj-cqnz-aqha", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17716", "scoring_system": "epss", "scoring_elements": "0.9524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17716", "scoring_system": "epss", "scoring_elements": "0.95247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512133", "reference_id": "512133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464", "reference_id": "CVE-2009-2464", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt", "reference_id": "CVE-2009-2464;OSVDB-56229", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35775/info", "reference_id": "CVE-2009-2464;OSVDB-56229", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35775/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2464" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3sj-cqnz-aqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2386?format=api", "vulnerability_id": "VCID-r5p4-r6th-1fft", "summary": "Security researcher Karthikeyan Bhargavan of Prosecco at\nINRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP\nviolation reports generated by Firefox and sent to the \"report-uri\" location\ninclude sensitive data within the \"blocked-uri\" parameter. These include\nfragment components and query strings even if the \"blocked-uri\" parameter has a\ndifferent origin than the protected resource. This can be used to retrieve a\nuser's OAuth 2.0 access tokens and OpenID credentials by malicious sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01487", "scoring_system": "epss", "scoring_elements": "0.81368", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01487", "scoring_system": "epss", "scoring_elements": "0.81396", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1963" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220", "reference_id": "840220", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963", "reference_id": "CVE-2012-1963", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53", "reference_id": "mfsa2012-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1963" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5p4-r6th-1fft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2285?format=api", "vulnerability_id": "VCID-r6d4-xcvs-dfdn", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01532", "scoring_system": "epss", "scoring_elements": "0.81649", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01532", "scoring_system": "epss", "scoring_elements": "0.8168", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5843" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877613", "reference_id": "877613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843", "reference_id": "CVE-2012-5843", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91", "reference_id": "mfsa2012-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5843" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6d4-xcvs-dfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2352?format=api", "vulnerability_id": "VCID-r6wt-uf7r-s7fn", "summary": "Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74312", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74345", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0456" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116", "reference_id": "803116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456", "reference_id": "CVE-2012-0456", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14", "reference_id": "mfsa2012-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0456" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6wt-uf7r-s7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116461?format=api", "vulnerability_id": "VCID-r7c8-cmez-9uam", "summary": "Seamonkey: NULL pointer dereference in GIF decoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71954", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3978" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=547292", "reference_id": "547292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547292" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3978" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7c8-cmez-9uam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2363?format=api", "vulnerability_id": "VCID-ranf-y25x-ffh4", "summary": "Mozilla developer Matt Brubeck reported that\nwindow.fullScreen is writeable by untrusted content now that the DOM fullscreen\nAPI is enabled. Because window.fullScreen does not include\nmozRequestFullscreen's security protections, it could be used for UI spoofing.\nThis code change makes window.fullScreen read only by untrusted content, forcing\nthe use of the DOM fullscreen API in normal usage.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01798", "scoring_system": "epss", "scoring_elements": "0.83124", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01798", "scoring_system": "epss", "scoring_elements": "0.8315", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0460" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803111", "reference_id": "803111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460", "reference_id": "CVE-2012-0460", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18", "reference_id": "mfsa2012-18", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0460" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ranf-y25x-ffh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2239?format=api", "vulnerability_id": "VCID-rdhz-96c5-mka3", "summary": "Security researchers Nicolas Grégoire and Aki\nHelin independently reported that when processing a malformed\nembedded XSLT stylesheet, Firefox can crash due to a memory corruption.\nWhile there is no evidence that this is directly exploitable, there is\na possibility of remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88556", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88574", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0449" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785966", "reference_id": "785966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449", "reference_id": "CVE-2012-0449", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08", "reference_id": "mfsa2012-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0449" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdhz-96c5-mka3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2464?format=api", "vulnerability_id": "VCID-rtjn-ra4m-3qhq", "summary": "Security researcher Billy Hoffman discovered a bug in the XBM decoder that allowed random small chunks of uninitialized memory to be read. The severity of this bug was low and did not appear to cause any memory corruption.Firefox 3 is not affected by this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80038", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80063", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463251", "reference_id": "463251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463251" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069", "reference_id": "CVE-2008-4069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-45", "reference_id": "mfsa2008-45", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4069" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rtjn-ra4m-3qhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2601?format=api", "vulnerability_id": "VCID-ru9e-ndxy-pqb8", "summary": "One of the security fixes in Firefox 3.0.9 introduced a\nregression that caused some users to experience frequent crashes.\nUsers of the HTML Validator add-on were particularly affected, but\nother users also experienced this crash in some situations.\nIn analyzing this crash we discovered that it was due to memory\ncorruption similar to cases that have been identified as security\nvulnerabilities in the past.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32166", "scoring_system": "epss", "scoring_elements": "0.96922", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.32166", "scoring_system": "epss", "scoring_elements": "0.96927", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1313" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=497447", "reference_id": "497447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313", "reference_id": "CVE-2009-1313", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html", "reference_id": "CVE-2009-1313;OSVDB-54174", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html" }, { "reference_url": "https://www.securityfocus.com/bid/34743/info", "reference_id": "CVE-2009-1313;OSVDB-54174", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/34743/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-23", "reference_id": "mfsa2009-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0449", "reference_id": "RHSA-2009:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0449" }, { "reference_url": "https://usn.ubuntu.com/765-1/", "reference_id": "USN-765-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/765-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1313" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ru9e-ndxy-pqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2607?format=api", "vulnerability_id": "VCID-rub4-fa7f-tfe8", "summary": "Mozilla security researchers Jesse Ruderman\nand Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body. An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03024", "scoring_system": "epss", "scoring_elements": "0.86875", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03024", "scoring_system": "epss", "scoring_elements": "0.86898", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168", "reference_id": "530168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376", "reference_id": "CVE-2009-3376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62", "reference_id": "mfsa2009-62", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3376" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rub4-fa7f-tfe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2169?format=api", "vulnerability_id": "VCID-ruxv-49gp-ykg5", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89616", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89633", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688", "reference_id": "521688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072", "reference_id": "CVE-2009-3072", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3072" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruxv-49gp-ykg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/143970?format=api", "vulnerability_id": "VCID-s25y-3kgb-13db", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.75138", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.75167", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0367" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-0367" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s25y-3kgb-13db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2346?format=api", "vulnerability_id": "VCID-s2bx-814a-fkbw", "summary": "Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. \nFirefox 9 and earlier are not affected by this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.83135", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.8316", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0452" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=789506", "reference_id": "789506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452", "reference_id": "CVE-2012-0452", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-10", "reference_id": "mfsa2012-10", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-10" }, { "reference_url": "https://usn.ubuntu.com/1360-1/", "reference_id": "USN-1360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1360-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0452" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2bx-814a-fkbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2799?format=api", "vulnerability_id": "VCID-s7bu-gy24-sudx", "summary": "Security researcher Jordi Chancel reported a crash\non multipart/x-mixed-replace images due to memory\ncorruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05899", "scoring_system": "epss", "scoring_elements": "0.90765", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05899", "scoring_system": "epss", "scoring_elements": "0.90778", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2377" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714929", "reference_id": "714929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377", "reference_id": "CVE-2011-2377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21", "reference_id": "mfsa2011-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2377" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7bu-gy24-sudx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2340?format=api", "vulnerability_id": "VCID-s933-9v5u-a3b3", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03932", "scoring_system": "epss", "scoring_elements": "0.88534", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03932", "scoring_system": "epss", "scoring_elements": "0.88552", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3959" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959", "reference_id": "CVE-2012-3959", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3959" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s933-9v5u-a3b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2638?format=api", "vulnerability_id": "VCID-s9ey-mtj5-vbey", "summary": "Security researcher David James reported that a\ncontent window which is opened by a chrome window retains a reference\nto the chrome window via the window.opener property. Using\nthis reference, content in the new window can access functions \ninside the chrome window, such as eval, and use these\nfunctions to run arbitrary JavaScript code with chrome privileges. In\na stock Mozilla browser a remote attacker can not cause these application\ndialogs to appear nor to automatically load the attack code that takes advantage\nof this flaw in window.opener. There may be add-ons which open\npotentially hostile web-content in this way, and combined with such an add-on the\nseverity of this flaw could be upgraded to Critical.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01982", "scoring_system": "epss", "scoring_elements": "0.83897", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01982", "scoring_system": "epss", "scoring_elements": "0.83921", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724", "reference_id": "546724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986", "reference_id": "CVE-2009-3986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70", "reference_id": "mfsa2009-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3986" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ey-mtj5-vbey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2468?format=api", "vulnerability_id": "VCID-sapx-e34n-tkhm", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04686", "scoring_system": "epss", "scoring_elements": "0.8953", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04686", "scoring_system": "epss", "scoring_elements": "0.89548", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5512" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476287", "reference_id": "476287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512", "reference_id": "CVE-2008-5512", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68", "reference_id": "mfsa2008-68", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5512" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sapx-e34n-tkhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2409?format=api", "vulnerability_id": "VCID-scmh-n3kp-yqas", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute\ncan be accessed under certain circumstances because of a premature notification\nof AttributeChildRemoved. This use-after-free of the child nodes could possibly\nallow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72536", "scoring_system": "epss", "scoring_elements": "0.98787", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3659" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786258", "reference_id": "786258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786258" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659", "reference_id": "CVE-2011-3659", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb", "reference_id": "CVE-2011-3659;OSVDB-78736", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413", "reference_id": "CVE-2011-3659;OSVDB-78736", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04", "reference_id": "mfsa2012-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3659" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scmh-n3kp-yqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2163?format=api", "vulnerability_id": "VCID-scs8-y8pt-mkh2", "summary": "Security researcher Orlando Barrera II of SecTheory reported,\nvia TippingPoint's Zero Day Initiative, that Mozilla's implementation\nof Web Workers contained an error in its handling of array data types\nwhen processing posted messages. This error could be used by an\nattacker to corrupt heap memory and crash the browser, potentially\nrunning arbitrary code on a victim's computer.Web Workers were introduced in Firefox 3.5; Firefox 3.0\nand earlier versions were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05179", "scoring_system": "epss", "scoring_elements": "0.90078", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05179", "scoring_system": "epss", "scoring_elements": "0.90094", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566049", "reference_id": "566049", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160", "reference_id": "CVE-2010-0160", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02", "reference_id": "mfsa2010-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0160" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scs8-y8pt-mkh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2207?format=api", "vulnerability_id": "VCID-se2r-rwr6-9fh2", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03507", "scoring_system": "epss", "scoring_elements": "0.87837", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03507", "scoring_system": "epss", "scoring_elements": "0.87858", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578147", "reference_id": "578147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174", "reference_id": "CVE-2010-0174", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16", "reference_id": "mfsa2010-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0174" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-se2r-rwr6-9fh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2877?format=api", "vulnerability_id": "VCID-sgkt-a1hx-cyas", "summary": "Security researchers Chris Rohlf and Yan\nIvnitskiy of Matasano Security reported that when a\nJavaScript Array object had its length set to an\nextremely large value, the iteration of array elements that occurs\nwhen its reduceRight method was subsequently called could\nresult in the execution of attacker controlled memory due to an\ninvalid index value being used to access element properties.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86212", "scoring_system": "epss", "scoring_elements": "0.99415", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.86212", "scoring_system": "epss", "scoring_elements": "0.99416", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714580", "reference_id": "714580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371", "reference_id": "CVE-2011-2371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22", "reference_id": "mfsa2011-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2371" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgkt-a1hx-cyas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2334?format=api", "vulnerability_id": "VCID-shgf-ueps-13d5", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87464", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1974" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974", "reference_id": "CVE-2012-1974", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1974" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shgf-ueps-13d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2293?format=api", "vulnerability_id": "VCID-shqz-mtvs-6ffy", "summary": "Mozilla community member Alice White reported that when the\nGetProperty function is invoked through JSAPI, security checking\ncan be bypassed when getting cross-origin properties. This potentially allowed\nfor arbitrary code execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80922", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80951", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3991" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621", "reference_id": "863621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991", "reference_id": "CVE-2012-3991", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-81", "reference_id": "mfsa2012-81", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-81" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3991" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shqz-mtvs-6ffy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2804?format=api", "vulnerability_id": "VCID-skhj-cty8-s3h7", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.85669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.85691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0080" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700677", "reference_id": "700677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080", "reference_id": "CVE-2011-0080", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0080" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-skhj-cty8-s3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2161?format=api", "vulnerability_id": "VCID-smf5-d33k-gybp", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06167", "scoring_system": "epss", "scoring_elements": "0.90986", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06167", "scoring_system": "epss", "scoring_elements": "0.91", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810", "reference_id": "590810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202", "reference_id": "CVE-2010-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1202" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smf5-d33k-gybp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/161668?format=api", "vulnerability_id": "VCID-sn79-g3mx-4qgh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.70306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.70348", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1994" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1994" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sn79-g3mx-4qgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2341?format=api", "vulnerability_id": "VCID-sq1x-7gp9-ruec", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.851", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960", "reference_id": "CVE-2012-3960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3960" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sq1x-7gp9-ruec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2254?format=api", "vulnerability_id": "VCID-svmf-237b-qqec", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03504", "scoring_system": "epss", "scoring_elements": "0.87828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03504", "scoring_system": "epss", "scoring_elements": "0.87849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4181" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181", "reference_id": "CVE-2012-4181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4181" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svmf-237b-qqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2676?format=api", "vulnerability_id": "VCID-swau-cddy-1kdm", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04391", "scoring_system": "epss", "scoring_elements": "0.89175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04391", "scoring_system": "epss", "scoring_elements": "0.89192", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1302" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496252", "reference_id": "496252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302", "reference_id": "CVE-2009-1302", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1302" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swau-cddy-1kdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2164?format=api", "vulnerability_id": "VCID-t1sx-kgbz-kqds", "summary": "Mozilla developer Vladimir Vukicevic reported that\na canvas element can be used to read data from another site, violating\nthe same-origin policy. The read restriction placed on a canvas\nelement which has had cross-origin data rendered into it can be\nbypassed by retaining a reference to the canvas element's context and\ndeleting the associated canvas node from the DOM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62358", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62404", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615472", "reference_id": "615472", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207", "reference_id": "CVE-2010-1207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43", "reference_id": "mfsa2010-43", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1207" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1sx-kgbz-kqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2281?format=api", "vulnerability_id": "VCID-t2w6-q44t-muej", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97988", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4186" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186", "reference_id": "CVE-2012-4186", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4186" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2w6-q44t-muej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2200?format=api", "vulnerability_id": "VCID-t5c6-f8zf-t3dx", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88413", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88431", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408", "reference_id": "660408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776", "reference_id": "CVE-2010-3776", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3776" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5c6-f8zf-t3dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62152?format=api", "vulnerability_id": "VCID-t8bw-rpmc-a3bp", "summary": "Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05951", "scoring_system": "epss", "scoring_elements": "0.9081", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05951", "scoring_system": "epss", "scoring_elements": "0.90825", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html", "reference_id": "CVE-2009-2044;OSVDB-56471", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html" }, { "reference_url": "https://www.securityfocus.com/bid/35280/info", "reference_id": "CVE-2009-2044;OSVDB-56471", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35280/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2044" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8bw-rpmc-a3bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2305?format=api", "vulnerability_id": "VCID-t9c8-vmrx-qyet", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01433", "scoring_system": "epss", "scoring_elements": "0.8102", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01433", "scoring_system": "epss", "scoring_elements": "0.81048", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833", "reference_id": "CVE-2012-5833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5833" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c8-vmrx-qyet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2617?format=api", "vulnerability_id": "VCID-tc58-ttgn-9bh4", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04029", "scoring_system": "epss", "scoring_elements": "0.88693", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04029", "scoring_system": "epss", "scoring_elements": "0.8871", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686", "reference_id": "521686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070", "reference_id": "CVE-2009-3070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3070" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc58-ttgn-9bh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2405?format=api", "vulnerability_id": "VCID-tddk-3t9a-pkhc", "summary": "Security Researcher Mike Brooks of Sitewatch reported that\nif multiple Content Security Policy (CSP) headers are present on a page, they\nhave an additive effect page policy. Using carriage return line feed (CRLF)\ninjection, a new CSP rule can be introduced which allows for cross-site\nscripting (XSS) on sites with a separate header injection vulnerability.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43362", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43435", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803114", "reference_id": "803114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451", "reference_id": "CVE-2012-0451", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-15", "reference_id": "mfsa2012-15", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0451" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tddk-3t9a-pkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2392?format=api", "vulnerability_id": "VCID-tgxk-1qvp-nuf7", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85361", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85384", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000", "reference_id": "815000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467", "reference_id": "CVE-2012-0467", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20", "reference_id": "mfsa2012-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0467" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgxk-1qvp-nuf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2439?format=api", "vulnerability_id": "VCID-tj2u-5d7b-pfbc", "summary": "Justin Schuh and Tom Cross of the\nIBM X-Force and Peter Williams of IBM Watson Labs reported\nerrors in Mozilla URL parsing routines. These errors could be exploited\nusing a specially crafted UTF-8 URL in a hyperlink which could overflow\na stack buffer and allow an attacker to execute arbitrary code.Firefox 3 is not affected by this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48604", "scoring_system": "epss", "scoring_elements": "0.97807", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.48604", "scoring_system": "epss", "scoring_elements": "0.9781", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463181", "reference_id": "463181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016", "reference_id": "CVE-2008-0016", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py", "reference_id": "CVE-2008-0016;OSVDB-48780", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-37", "reference_id": "mfsa2008-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-0016" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tj2u-5d7b-pfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151037?format=api", "vulnerability_id": "VCID-tje5-65sx-wyep", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03735", "scoring_system": "epss", "scoring_elements": "0.88206", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03735", "scoring_system": "epss", "scoring_elements": "0.88226", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2043" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt", "reference_id": "CVE-2009-2043;OSVDB-55197", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35413/info", "reference_id": "CVE-2009-2043;OSVDB-55197", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35413/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2043" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tje5-65sx-wyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159449?format=api", "vulnerability_id": "VCID-tnj7-zm3j-33de", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.6217", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62219", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3866" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3866" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnj7-zm3j-33de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2656?format=api", "vulnerability_id": "VCID-tnjp-k3mu-j7gk", "summary": "Security researcher Attila Suszter reported that\nwhen a page contains a Flash object which presents a slow script\ndialog, and the page is navigated while the dialog is still visible to\nthe user, the Flash plugin is unloaded resulting in a crash due to a\ncall to the deleted object. This crash could potentially be used by\nan attacker to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05189", "scoring_system": "epss", "scoring_elements": "0.90088", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05189", "scoring_system": "epss", "scoring_elements": "0.90104", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512137", "reference_id": "512137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467", "reference_id": "CVE-2009-2467", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-35", "reference_id": "mfsa2009-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2467" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnjp-k3mu-j7gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2490?format=api", "vulnerability_id": "VCID-tp6x-cmys-b7e4", "summary": "Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03669", "scoring_system": "epss", "scoring_elements": "0.88106", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03669", "scoring_system": "epss", "scoring_elements": "0.88126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463189", "reference_id": "463189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837", "reference_id": "CVE-2008-3837", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-40", "reference_id": "mfsa2008-40", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-3837" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tp6x-cmys-b7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2316?format=api", "vulnerability_id": "VCID-tr2a-sx41-p3hj", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02828", "scoring_system": "epss", "scoring_elements": "0.86442", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02828", "scoring_system": "epss", "scoring_elements": "0.86466", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839", "reference_id": "CVE-2012-5839", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5839" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tr2a-sx41-p3hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=api", "vulnerability_id": "VCID-tr7s-z4p8-jbdn", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway <option> elements are inserted into a XUL\ntree <optgroup>. In certain cases, the number of\nreferences to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used. An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05361", "scoring_system": "epss", "scoring_elements": "0.90248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05361", "scoring_system": "epss", "scoring_elements": "0.90264", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0176" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150", "reference_id": "578150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176", "reference_id": "CVE-2010-0176", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18", "reference_id": "mfsa2010-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0176" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tr7s-z4p8-jbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2247?format=api", "vulnerability_id": "VCID-ttgr-vdhk-wkfv", "summary": "Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75519", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75547", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865283", "reference_id": "865283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192", "reference_id": "CVE-2012-4192", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89", "reference_id": "mfsa2012-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89" }, { "reference_url": "https://usn.ubuntu.com/1608-1/", "reference_id": "USN-1608-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1608-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4192" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttgr-vdhk-wkfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2610?format=api", "vulnerability_id": "VCID-twsq-62p4-xkgx", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93338", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93349", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570", "reference_id": "503570", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833", "reference_id": "CVE-2009-1833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1833" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twsq-62p4-xkgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2231?format=api", "vulnerability_id": "VCID-txhq-ft2z-6yck", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02028", "scoring_system": "epss", "scoring_elements": "0.84106", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02028", "scoring_system": "epss", "scoring_elements": "0.84128", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615456", "reference_id": "615456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212", "reference_id": "CVE-2010-1212", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34", "reference_id": "mfsa2010-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1212" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txhq-ft2z-6yck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2228?format=api", "vulnerability_id": "VCID-tyd4-qfv6-cqer", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04617", "scoring_system": "epss", "scoring_elements": "0.89448", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04617", "scoring_system": "epss", "scoring_elements": "0.89466", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660431", "reference_id": "660431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660431" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767", "reference_id": "CVE-2010-3767", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-81", "reference_id": "mfsa2010-81", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-81" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3767" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tyd4-qfv6-cqer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2156?format=api", "vulnerability_id": "VCID-u2rw-8k5w-83ak", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that\nwhen window.__lookupGetter__ is called with no arguments\nthe code assumes the top JavaScript stack value is a property name.\nSince there were no arguments passed into the function, the top value\ncould represent uninitialized memory or a pointer to a previously\nfreed JavaScript object. Under such circumstances the value is passed\nto another subroutine which calls through the dangling pointer,\npotentially executing attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06976", "scoring_system": "epss", "scoring_elements": "0.91602", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06976", "scoring_system": "epss", "scoring_elements": "0.91614", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642286", "reference_id": "642286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183", "reference_id": "CVE-2010-3183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-67", "reference_id": "mfsa2010-67", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-67" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3183" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2rw-8k5w-83ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2844?format=api", "vulnerability_id": "VCID-u2ry-dzed-5yc8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.75221", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.7525", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730523", "reference_id": "730523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983", "reference_id": "CVE-2011-2983", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1165", "reference_id": "RHSA-2011:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1167", "reference_id": "RHSA-2011:1167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1167" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2983" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2ry-dzed-5yc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2652?format=api", "vulnerability_id": "VCID-u6e2-wfx5-r3cu", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05076", "scoring_system": "epss", "scoring_elements": "0.89965", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05076", "scoring_system": "epss", "scoring_elements": "0.8998", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3979" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694", "reference_id": "546694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979", "reference_id": "CVE-2009-3979", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3979" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6e2-wfx5-r3cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2218?format=api", "vulnerability_id": "VCID-u9ed-ugwr-s3e7", "summary": "Mozilla security researcher Georgi Guninski\nreported that when a SVG document which is served\nwith Content-Type: application/octet-stream is embedded\ninto another document via an <embed> tag\nwith type=\"image/svg+xml\", the Content-Type is ignored\nand the SVG document is processed normally. A website which allows\narbitrary binary data to be uploaded but which relies\non Content-Type: application/octet-stream to prevent\nscript execution could have such protection bypassed. An attacker\ncould upload a SVG document containing JavaScript as a binary file to\na website, embed the SVG document into a malicious page on another\nsite, and gain access to the script environment from the SVG-serving\nsite, bypassing the same-origin policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.7844", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78467", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566052", "reference_id": "566052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162", "reference_id": "CVE-2010-0162", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05", "reference_id": "mfsa2010-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0162" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9ed-ugwr-s3e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2851?format=api", "vulnerability_id": "VCID-ubew-6znz-akgq", "summary": "Security researcher Soroush Dalili reported that\nthe resource: protocol could be exploited to allow directory traversal\non Windows and the potential loading of resources from non-permitted\nlocations. The impact would depend on whether interesting files existed\nin predictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01674", "scoring_system": "epss", "scoring_elements": "0.82482", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01674", "scoring_system": "epss", "scoring_elements": "0.82511", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635", "reference_id": "700635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071", "reference_id": "CVE-2011-0071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16", "reference_id": "mfsa2011-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0071" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubew-6znz-akgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2401?format=api", "vulnerability_id": "VCID-ucau-25n2-fqau", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01568", "scoring_system": "epss", "scoring_elements": "0.81856", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01568", "scoring_system": "epss", "scoring_elements": "0.81889", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464", "reference_id": "CVE-2012-0464", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0464" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucau-25n2-fqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2596?format=api", "vulnerability_id": "VCID-ucht-xzab-3ffh", "summary": "Security researcher PenPal reported a crash\ninvolving a SVG element on which a watch function\nand __defineSetter__ function have been set for a\nparticular property. The crash showed evidence of memory corruption\nand could potentially be used by an attacker to run arbitrary code on\na victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0647", "scoring_system": "epss", "scoring_elements": "0.91246", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0647", "scoring_system": "epss", "scoring_elements": "0.91259", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2469" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512142", "reference_id": "512142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469", "reference_id": "CVE-2009-2469", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-37", "reference_id": "mfsa2009-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2469" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucht-xzab-3ffh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2597?format=api", "vulnerability_id": "VCID-ufrj-d9va-hbbg", "summary": "Mozilla developer Daniel Veditz reported that when\nthe jar: scheme is used to wrap a URI which serves the\ncontent with Content-Disposition: attachment, the HTTP\nheader is ignored and the content is unpacked and displayed inline. A\nsite may depend on this HTTP header to prevent potentially untrusted\ncontent that it serves from executing within the context of the site.\nAn attacker could use this vulnerability to subvert sites using this\nmechanism to mitigate content injection attacks.This vulnerability has not been fixed on the Mozilla 1.8.1 branch,\nwhich is used to build Firefox 2 and Thunderbird 2. However, note\nthat there are several mitigating factors which prevent easy\nexploitation of this issue. In order for a website to be exploitable\nit must:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1306", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83308", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1306" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262", "reference_id": "496262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306", "reference_id": "CVE-2009-1306", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-16", "reference_id": "mfsa2009-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1306" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ufrj-d9va-hbbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2801?format=api", "vulnerability_id": "VCID-ugms-66q9-zfcf", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04704", "scoring_system": "epss", "scoring_elements": "0.89551", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04704", "scoring_system": "epss", "scoring_elements": "0.89568", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0081" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700676", "reference_id": "700676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081", "reference_id": "CVE-2011-0081", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0081" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugms-66q9-zfcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2391?format=api", "vulnerability_id": "VCID-ujwd-uhhy-4kfp", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02458", "scoring_system": "epss", "scoring_elements": "0.85514", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02458", "scoring_system": "epss", "scoring_elements": "0.85538", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000", "reference_id": "815000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468", "reference_id": "CVE-2012-0468", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20", "reference_id": "mfsa2012-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0468" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujwd-uhhy-4kfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2258?format=api", "vulnerability_id": "VCID-up5d-dcg6-3fab", "summary": "Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.\nUpdate October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73401", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912", "reference_id": "851912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956", "reference_id": "CVE-2012-1956", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59", "reference_id": "mfsa2012-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1956" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-up5d-dcg6-3fab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2240?format=api", "vulnerability_id": "VCID-uq1p-rt3j-z3cf", "summary": "Using the Address Sanitizer tool, Mozilla security researcher\nChristoph Diehl discovered two memory corruption issues\ninvolving the Graphite 2 library used in Mozilla products. Both of these issues\ncan cause a potentially exploitable crash. These problems were fixed in the\nGraphite 2 library, which has been updated for Mozilla products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03136", "scoring_system": "epss", "scoring_elements": "0.87121", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03136", "scoring_system": "epss", "scoring_elements": "0.87143", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851923", "reference_id": "851923", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971", "reference_id": "CVE-2012-3971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64", "reference_id": "mfsa2012-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3971" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uq1p-rt3j-z3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2300?format=api", "vulnerability_id": "VCID-ur8y-8uah-dkhf", "summary": "Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74329", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74362", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877625", "reference_id": "877625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205", "reference_id": "CVE-2012-4205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97", "reference_id": "mfsa2012-97", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4205" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur8y-8uah-dkhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2310?format=api", "vulnerability_id": "VCID-uuzp-xmx5-e7c4", "summary": "Security researchers Mario Gomes and Soroush\nDalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.79353", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.7938", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840225", "reference_id": "840225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965", "reference_id": "CVE-2012-1965", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-55", "reference_id": "mfsa2012-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1965" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuzp-xmx5-e7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2898?format=api", "vulnerability_id": "VCID-uwxn-2akc-aud1", "summary": "Security researcher Aki Helin reported a potentially\nexploitable crash in the YARR regular expression library used by JavaScript.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07734", "scoring_system": "epss", "scoring_elements": "0.9208", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07734", "scoring_system": "epss", "scoring_elements": "0.92092", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232", "reference_id": "CVE-2011-3232", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-42", "reference_id": "mfsa2011-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-42" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3232" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwxn-2akc-aud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2168?format=api", "vulnerability_id": "VCID-uxfr-dz5s-kfdz", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06395", "scoring_system": "epss", "scoring_elements": "0.91186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06395", "scoring_system": "epss", "scoring_elements": "0.91199", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691", "reference_id": "521691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075", "reference_id": "CVE-2009-3075", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3075" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxfr-dz5s-kfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2624?format=api", "vulnerability_id": "VCID-v1gt-2387-67dw", "summary": "Security researcher Dan Kaminsky reported an\ninteger overflow in the Theora video library. A video's dimensions\nwere being multiplied together and used in particular memory\nallocations. When the video dimensions were sufficiently large, the\nmultiplication could overflow a 32-bit integer resulting in too small\na memory buffer being allocated for the video. An attacker could use\na specially crafted video to write data past the bounds of this\nbuffer, causing a crash and potentially running arbitrary code on a\nvictim's computer.Mozilla intern David Keeler also independently\nreported this issue as well as an additional crash which was\ndetermined to be a denial-of-service.Video capabilities were added to the Mozilla browser engine\nin Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these\nproducts were not affected.These bugs were fixed upstream in Theora version 1.1\n(\"Thusnelda\") but the older version used in Firefox 3.5 needed this\npatch.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0553", "scoring_system": "epss", "scoring_elements": "0.90416", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0553", "scoring_system": "epss", "scoring_elements": "0.9043", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=548541", "reference_id": "548541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548541" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950", "reference_id": "572950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389", "reference_id": "CVE-2009-3389", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201312-04", "reference_id": "GLSA-201312-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67", "reference_id": "mfsa2009-67", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3389" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1gt-2387-67dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2888?format=api", "vulnerability_id": "VCID-v6tm-cudb-vkb1", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04198", "scoring_system": "epss", "scoring_elements": "0.88921", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04198", "scoring_system": "epss", "scoring_elements": "0.88938", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997", "reference_id": "CVE-2011-2997", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2997" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6tm-cudb-vkb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2198?format=api", "vulnerability_id": "VCID-v7hg-tmdv-k7e8", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the fix\nfor CVE-2010-0179\ncould be circumvented permitting the execution of arbitrary JavaScript\nwith chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77836", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77863", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660435", "reference_id": "660435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773", "reference_id": "CVE-2010-3773", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3773" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7hg-tmdv-k7e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2146?format=api", "vulnerability_id": "VCID-v91k-76fs-pbdd", "summary": "Security researcher wushi of team509 reported a\nheap buffer overflow in code routines responsible for transforming\ntext runs. A page could be constructed with a bidirectional text run\nwhich upon reflow could result in an incorrect length being calculated\nfor the run of text. When this value is subsequently used to allocate\nmemory for the text too small a buffer may be created potentially\nresulting in a buffer overflow and the execution of attacker\ncontrolled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05962", "scoring_system": "epss", "scoring_elements": "0.90819", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05962", "scoring_system": "epss", "scoring_elements": "0.90833", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3166" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630061", "reference_id": "630061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630061" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166", "reference_id": "CVE-2010-3166", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53", "reference_id": "mfsa2010-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3166" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v91k-76fs-pbdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2287?format=api", "vulnerability_id": "VCID-v9sq-2u6p-dfec", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80479", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80505", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194", "reference_id": "CVE-2012-4194", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", "reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4194" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9sq-2u6p-dfec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2332?format=api", "vulnerability_id": "VCID-vdr2-62nz-kqbc", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87464", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1972" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972", "reference_id": "CVE-2012-1972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1972" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdr2-62nz-kqbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2366?format=api", "vulnerability_id": "VCID-vegx-5hzk-qbak", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06289", "scoring_system": "epss", "scoring_elements": "0.91097", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06289", "scoring_system": "epss", "scoring_elements": "0.9111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1941" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941", "reference_id": "CVE-2012-1941", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1941" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vegx-5hzk-qbak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2671?format=api", "vulnerability_id": "VCID-veuq-5jdf-tfcr", "summary": "Moxie Marlinspike reported a heap overflow vulnerability\nin the code that handles regular expressions in certificate names. This\nvulnerability could be used to compromise the browser and run arbitrary code\nby presenting a specially crafted certificate to the client. This code\nprovided compatibility with the non-standard regular expression syntax\nhistorically supported by Netscape clients and servers. With version 3.5\nFirefox switched to the more limited industry-standard wildcard syntax\ninstead and is not vulnerable to this flaw.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21024", "scoring_system": "epss", "scoring_elements": "0.95752", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.21024", "scoring_system": "epss", "scoring_elements": "0.95757", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912", "reference_id": "512912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934", "reference_id": "539934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404", "reference_id": "CVE-2009-2404", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-43", "reference_id": "mfsa2009-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1184", "reference_id": "RHSA-2009:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1185", "reference_id": "RHSA-2009:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1186", "reference_id": "RHSA-2009:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1190", "reference_id": "RHSA-2009:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1207", "reference_id": "RHSA-2009:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1207" }, { "reference_url": "https://usn.ubuntu.com/810-1/", "reference_id": "USN-810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2404" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-veuq-5jdf-tfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2407?format=api", "vulnerability_id": "VCID-vfss-5cfk-dqc3", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03749", "scoring_system": "epss", "scoring_elements": "0.88227", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03749", "scoring_system": "epss", "scoring_elements": "0.88247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1949" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021281", "reference_id": "2021281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949", "reference_id": "CVE-2012-1949", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42", "reference_id": "mfsa2012-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1949" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfss-5cfk-dqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2162?format=api", "vulnerability_id": "VCID-vfu5-uhhe-b3c1", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90116", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90133", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1203" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816", "reference_id": "590816", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203", "reference_id": "CVE-2010-1203", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1203" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfu5-uhhe-b3c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2621?format=api", "vulnerability_id": "VCID-vgpk-ywkp-cyaq", "summary": "Firefox user zbyte reported a crash that we determined\ncould result in an exploitable memory corruption problem. In certain cases\nafter a return from a native function, such as escape(), the\nJust-in-Time (JIT) compiler could get into a corrupt state. This could be\nexploited by an attacker to run arbitrary code such as installing malware.\nWe would like to thank community members Lucas\nKruijswijk and Nochum Sossonko for isolating\nthe problematic script from the original crashing site.\nThis vulnerability does not affect earlier versions of Firefox which\ndo not support the JIT feature.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83306", "scoring_system": "epss", "scoring_elements": "0.99286", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.83306", "scoring_system": "epss", "scoring_elements": "0.99287", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477", "reference_id": "CVE-2009-2477", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html", "reference_id": "CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html" }, { "reference_url": "https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/", "reference_id": "CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb", "reference_id": "CVE-2009-2477;OSVDB-55846", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl", "reference_id": "CVE-2009-2477;OSVDB-55846", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-41", "reference_id": "mfsa2009-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-41" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html", "reference_id": "OSVDB-55932;CVE-2009-2478;OSVDB-55846;CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2477" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgpk-ywkp-cyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2802?format=api", "vulnerability_id": "VCID-vnsr-zayr-rycr", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88839", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88856", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700642", "reference_id": "700642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069", "reference_id": "CVE-2011-0069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0069" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnsr-zayr-rycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2900?format=api", "vulnerability_id": "VCID-vp8w-pvrp-7kfn", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat it was possible for a non-whitelisted site to trigger an install\ndialog for add-ons and themes.This vulnerability was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54393", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.5445", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370", "reference_id": "CVE-2011-2370", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-28", "reference_id": "mfsa2011-28", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-28" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2370" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vp8w-pvrp-7kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2359?format=api", "vulnerability_id": "VCID-vqjg-6r7v-skg8", "summary": "Security researcher Jeroen van der Gun reported that if RSS\nor Atom XML invalid content is loaded over HTTPS, the addressbar updates to\ndisplay the new location of the loaded resource, including SSL indicators, while\nthe main window still displays the previously loaded content. This allows for\nphishing attacks where a malicious page can spoof the identify of another\nseemingly secure site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.7397", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.74003", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815044", "reference_id": "815044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479", "reference_id": "CVE-2012-0479", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-33", "reference_id": "mfsa2012-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0479" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqjg-6r7v-skg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2422?format=api", "vulnerability_id": "VCID-vuz7-kx9u-vye9", "summary": "Kojima Hajime reported that unlike literal null\ncharacters which were handled correctly, the escaped form '\\0'\nwas ignored by the CSS parser and treated as if it was not present in\nthe CSS input string. This issue could potentially be used to bypass\nscript sanitization routines in web applications. The severity of\nthis issue was determined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77541", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77568", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5510" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476283", "reference_id": "476283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510", "reference_id": "CVE-2008-5510", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-67", "reference_id": "mfsa2008-67", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-67" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/717-3/", "reference_id": "USN-717-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-5510" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuz7-kx9u-vye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/155729?format=api", "vulnerability_id": "VCID-vvvg-v3rb-hybf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47717", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4778", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3400" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3400" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vvvg-v3rb-hybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2185?format=api", "vulnerability_id": "VCID-w13f-sddd-nfan", "summary": "Google security researcher Michal Zalewski\nreported that when a window was opened to a site resulting in a\nnetwork or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content. An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually\nwere.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77503", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.7753", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660438", "reference_id": "660438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774", "reference_id": "CVE-2010-3774", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-83", "reference_id": "mfsa2010-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3774" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w13f-sddd-nfan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2154?format=api", "vulnerability_id": "VCID-w2pm-349a-ayc4", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XMLHttpRequestSpy module in the Firebug add-on was exposing\nan underlying chrome privilege escalation vulnerability. When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. This could result in an attacker running arbitrary\nJavaScript on a victim's machine, though it required the victim to\nhave Firebug installed, so the overall severity of the issue was\ndetermined to be High.This vulnerability does not affect Firefox 3.6", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00723", "scoring_system": "epss", "scoring_elements": "0.72911", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00723", "scoring_system": "epss", "scoring_elements": "0.72948", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578155", "reference_id": "578155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179", "reference_id": "CVE-2010-0179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21", "reference_id": "mfsa2010-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0179" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2pm-349a-ayc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2312?format=api", "vulnerability_id": "VCID-w4cg-33we-qfez", "summary": "Using the Address Sanitizer tool, security researcher Aki\nHelin from OUSPG found that IDBKeyRange of indexedDB remains in the\nXPConnect hashtable instead of being unlinked before being destroyed. When it is\ndestroyed, this causes a use-after-free, which is potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17081", "scoring_system": "epss", "scoring_elements": "0.9512", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17081", "scoring_system": "epss", "scoring_elements": "0.95129", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0469" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815019", "reference_id": "815019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469", "reference_id": "CVE-2012-0469", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-22", "reference_id": "mfsa2012-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0469" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4cg-33we-qfez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2798?format=api", "vulnerability_id": "VCID-w8gw-dg3u-hbar", "summary": "Mark Kaplan reported a potentially exploitable crash due to\ninteger underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this problem.\nThe Regular Expression engine was replaced in Firefox 4 and\nthe newer engine does not suffer from this bug.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03711", "scoring_system": "epss", "scoring_elements": "0.88177", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03711", "scoring_system": "epss", "scoring_elements": "0.88198", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2998" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741924", "reference_id": "741924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998", "reference_id": "CVE-2011-2998", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-37", "reference_id": "mfsa2011-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1343", "reference_id": "RHSA-2011:1343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1344", "reference_id": "RHSA-2011:1344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1344" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2998" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8gw-dg3u-hbar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149242?format=api", "vulnerability_id": "VCID-w8ke-esx1-x3hs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71245", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71289", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-6961" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ke-esx1-x3hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2655?format=api", "vulnerability_id": "VCID-w9h1-ahqd-83de", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08287", "scoring_system": "epss", "scoring_elements": "0.92391", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08287", "scoring_system": "epss", "scoring_elements": "0.92405", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982", "reference_id": "CVE-2009-3982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3982" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9h1-ahqd-83de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2208?format=api", "vulnerability_id": "VCID-w9jx-nwdg-8yaw", "summary": "Security researcher Paul Stone reported that a\nbrowser applet could be used to turn a simple mouse click into a\ndrag-and-drop action, potentially resulting in the unintended loading\nof resources in a user's browser. This behavior could be used twice\nin succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL\non top of the same document resulting in arbitrary script execution\nwith chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87876", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578154", "reference_id": "578154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178", "reference_id": "CVE-2010-0178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20", "reference_id": "mfsa2010-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0178" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9jx-nwdg-8yaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2901?format=api", "vulnerability_id": "VCID-w9qp-qk2x-63gh", "summary": "Mozilla developer Bas Schouten reported that the\nintroduction of the \"Azure\" graphics back-end on Windows in Firefox 7\nre-introduced the cross-origin data theft issue reported by\nnasalislarvatus3000 as described in \nMFSA 2011-29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49784", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49846", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649", "reference_id": "CVE-2011-3649", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-50", "reference_id": "mfsa2011-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-50" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3649" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9qp-qk2x-63gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2872?format=api", "vulnerability_id": "VCID-wax4-bwfb-v3ff", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a method used\nby JSON.stringify contained a use-after-free error in\nwhich a currently in-use pointer was freed and subsequently\ndereferenced. This could lead to arbitrary code execution if an\nattacker was able to store malicious code in the freed section of\nmemory.Mozilla developer Igor Bukanov also independently\ndiscovered and reported this issue two weeks after the initial\nreport was received.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87592", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87614", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675090", "reference_id": "675090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055", "reference_id": "CVE-2011-0055", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03", "reference_id": "mfsa2011-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0055" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wax4-bwfb-v3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2216?format=api", "vulnerability_id": "VCID-wdwg-avx6-fkhf", "summary": "Security researcher wushi of team509 reported that\nthe frame construction process for certain types of menus could result\nin a menu containing a pointer to a previously freed menu item.\nDuring the cycle collection process, this freed item could be accessed,\nresulting in the execution of a section of code potentially controlled\nby an attacker.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.9014", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.90156", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590822", "reference_id": "590822", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183", "reference_id": "CVE-2010-0183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-27", "reference_id": "mfsa2010-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0183" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdwg-avx6-fkhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=api", "vulnerability_id": "VCID-wh5f-gkuv-q3ep", "summary": "Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03581", "scoring_system": "epss", "scoring_elements": "0.87953", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03581", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827833", "reference_id": "827833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441", "reference_id": "CVE-2012-0441", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39", "reference_id": "mfsa2012-39", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1090", "reference_id": "RHSA-2012:1090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1091", "reference_id": "RHSA-2012:1091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1091" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" }, { "reference_url": "https://usn.ubuntu.com/1540-1/", "reference_id": "USN-1540-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1540-1/" }, { "reference_url": "https://usn.ubuntu.com/1540-2/", "reference_id": "USN-1540-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1540-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0441" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wh5f-gkuv-q3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2211?format=api", "vulnerability_id": "VCID-wmbg-72ur-a7hd", "summary": "Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument. The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext. The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate. A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64449", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64493", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1206" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608763", "reference_id": "608763", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206", "reference_id": "CVE-2010-1206", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45", "reference_id": "mfsa2010-45", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1206" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmbg-72ur-a7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2809?format=api", "vulnerability_id": "VCID-wns9-765d-tkg3", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.88942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8896", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700622", "reference_id": "700622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072", "reference_id": "CVE-2011-0072", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0072" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wns9-765d-tkg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2252?format=api", "vulnerability_id": "VCID-wp6p-ce29-6fbm", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90906", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179", "reference_id": "CVE-2012-4179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-4179" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wp6p-ce29-6fbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2847?format=api", "vulnerability_id": "VCID-wp88-wpws-j7gg", "summary": "Security researcher Mario Heiderich reported it was\npossible to use SVG animation accessKey events to detect\nkey strokes even when JavaScript was disabled. Since web pages can normally\ndetect key events through script and most users have scripting enabled this\ndoes not present a risk for most users. In contexts where the user knows\nscripting is disabled (reading mail, for example, or NoScript users) this\ncould allow a malicious web page to fool a user into interacting with\na prompt thinking it came from the browser or mail program.\n\nAccessing remote content is disabled by default When reading mail in\nThunderbird and SeaMonkey. Successfully capturing keystrokes remotely would\nrequire some social engineering to convince the user to turn it on.\n\nSVG animation is not supported in Thunderbird 3.1 or Firefox 3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76838", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.7687", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3663" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663", "reference_id": "CVE-2011-3663", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-56", "reference_id": "mfsa2011-56", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-56" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3663" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wp88-wpws-j7gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2665?format=api", "vulnerability_id": "VCID-wqey-n4t3-87gy", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0364", "scoring_system": "epss", "scoring_elements": "0.88054", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0364", "scoring_system": "epss", "scoring_elements": "0.88075", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3380" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567", "reference_id": "530567", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380", "reference_id": "CVE-2009-3380", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3380" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqey-n4t3-87gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2330?format=api", "vulnerability_id": "VCID-wtfj-hrtt-z7d9", "summary": "Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8084", "scoring_system": "epss", "scoring_elements": "0.99169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.8084", "scoring_system": "epss", "scoring_elements": "0.99171", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3993" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623", "reference_id": "863623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993", "reference_id": "CVE-2012-3993", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb", "reference_id": "CVE-2012-3993;OSVDB-96019;CVE-2013-1710", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb", "reference_id": "CVE-2012-3993;OSVDB-96019;CVE-2013-1710", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83", "reference_id": "mfsa2012-83", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3993" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtfj-hrtt-z7d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2836?format=api", "vulnerability_id": "VCID-ww9s-mrbh-y7fx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01336", "scoring_system": "epss", "scoring_elements": "0.80324", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01336", "scoring_system": "epss", "scoring_elements": "0.80349", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730520", "reference_id": "730520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981", "reference_id": "CVE-2011-2981", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2981" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ww9s-mrbh-y7fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2308?format=api", "vulnerability_id": "VCID-x145-u49m-yuh9", "summary": "Security researcher Simone Fabiano reported that if a\ncross-site XHR or WebSocket is opened on a web server on a non-standard port for\nweb traffic while using an IPv6 address, the browser will send an ambiguous\norigin headers if the IPv6 address contains at least 2 consecutive 16-bit fields\nof zeroes. If there is an origin access control list that uses IPv6 literals,\nthis issue could be used to bypass these access controls on the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52594", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52653", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0475" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187", "reference_id": "815187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475", "reference_id": "CVE-2012-0475", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-28", "reference_id": "mfsa2012-28", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-28" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-0475" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x145-u49m-yuh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2173?format=api", "vulnerability_id": "VCID-x2uy-apkf-pqed", "summary": "Security researcher Sergey Glazunov reported a\ndangling pointer vulnerability in the implementation\nof navigator.plugins in which the navigator\nobject could retain a pointer to the plugins array even after it had\nbeen destroyed. An attacker could potentially use this issue to crash\nthe browser and run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0476", "scoring_system": "epss", "scoring_elements": "0.89632", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0476", "scoring_system": "epss", "scoring_elements": "0.89649", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630059", "reference_id": "630059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767", "reference_id": "CVE-2010-2767", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51", "reference_id": "mfsa2010-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2767" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2uy-apkf-pqed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2813?format=api", "vulnerability_id": "VCID-x3e6-82ew-b7gd", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08433", "scoring_system": "epss", "scoring_elements": "0.92485", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08433", "scoring_system": "epss", "scoring_elements": "0.92498", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675083", "reference_id": "675083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675083" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062", "reference_id": "CVE-2011-0062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0062" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x3e6-82ew-b7gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2670?format=api", "vulnerability_id": "VCID-x7gc-qnmk-ebfk", "summary": "Security researchers Adam Barth and Collin\nJackson reported that when a file: resource is\nloaded via the location bar it inherits the principal of the\npreviously loaded document. This vulnerability can potentially give\nthe newly loaded document additional privileges to access the contents\nof other local files that it wouldn't otherwise have permission to read.\nA potential victim would first have to have downloaded the attackers\ndocument to their local machine. Then the victim would have to open another\ndocument in a directory of interest to the attacker before opening the\nattacker's file in the same window.\nPrior to version 3.0, Firefox (like browsers from other\nvendors) treated all local files as having the same origin without\nrestriction. This vulnerability is a partial bypass of the restrictions\nimplemented in Firefox 3.0", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15161", "scoring_system": "epss", "scoring_elements": "0.94725", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15161", "scoring_system": "epss", "scoring_elements": "0.94733", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503581", "reference_id": "503581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839", "reference_id": "CVE-2009-1839", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html", "reference_id": "CVE-2009-1839;OSVDB-55163", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30", "reference_id": "mfsa2009-30", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1839" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7gc-qnmk-ebfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2653?format=api", "vulnerability_id": "VCID-x8z2-s5wx-2ke4", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04407", "scoring_system": "epss", "scoring_elements": "0.89196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04407", "scoring_system": "epss", "scoring_elements": "0.89212", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980", "reference_id": "CVE-2009-3980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3980" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8z2-s5wx-2ke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2905?format=api", "vulnerability_id": "VCID-xa2f-3428-kkck", "summary": "Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01512", "scoring_system": "epss", "scoring_elements": "0.81534", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01512", "scoring_system": "epss", "scoring_elements": "0.81562", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003", "reference_id": "CVE-2011-3003", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41", "reference_id": "mfsa2011-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3003" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xa2f-3428-kkck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2850?format=api", "vulnerability_id": "VCID-xa69-rn7t-vfdn", "summary": "sczimmer reported that Firefox crashed when loading\na particular .ogg file. This was due to a use-after-free\ncondition and could potentially be exploited to install malware.\nThis vulnerability does not affect Firefox 3.6 or earlier.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89087", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005", "reference_id": "CVE-2011-3005", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-44", "reference_id": "mfsa2011-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-44" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3005" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xa69-rn7t-vfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2230?format=api", "vulnerability_id": "VCID-xe4n-uxss-vfcu", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03871", "scoring_system": "epss", "scoring_elements": "0.88442", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03871", "scoring_system": "epss", "scoring_elements": "0.8846", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455", "reference_id": "615455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211", "reference_id": "CVE-2010-1211", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34", "reference_id": "mfsa2010-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1211" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xe4n-uxss-vfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2870?format=api", "vulnerability_id": "VCID-xeum-pwvy-euhk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.85669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.85691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365", "reference_id": "CVE-2011-2365", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2365" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xeum-pwvy-euhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2869?format=api", "vulnerability_id": "VCID-xf4h-rten-nkbv", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86358", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86381", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2364" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364", "reference_id": "CVE-2011-2364", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-2364" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xf4h-rten-nkbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2873?format=api", "vulnerability_id": "VCID-xhr9-3tgh-6ubu", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nthe problem described in MFSA 2011-43 and fixed in\nFirefox 7 also affected Firefox 3.6: a malicious page could potentially\nexploit a Firefox user who had installed an add-on that used loadSubscript\nin vulnerable ways.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00769", "scoring_system": "epss", "scoring_elements": "0.73864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00769", "scoring_system": "epss", "scoring_elements": "0.739", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751931", "reference_id": "751931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647", "reference_id": "CVE-2011-3647", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-46", "reference_id": "mfsa2011-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3647" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhr9-3tgh-6ubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2295?format=api", "vulnerability_id": "VCID-xk4x-pd18-akag", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.87629", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.8765", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1951" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951", "reference_id": "CVE-2012-1951", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-1951" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xk4x-pd18-akag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2631?format=api", "vulnerability_id": "VCID-xq1u-e9aa-u3eq", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03284", "scoring_system": "epss", "scoring_elements": "0.8742", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03284", "scoring_system": "epss", "scoring_elements": "0.87442", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743", "reference_id": "552743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378", "reference_id": "CVE-2009-3378", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-3378" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xq1u-e9aa-u3eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2172?format=api", "vulnerability_id": "VCID-xs6r-rhtz-xqed", "summary": "Mozilla developer Ehsan Akhgari reported that a\nfunction used to load external libraries on Windows platforms was\nusing a relative path to a DLL-loading application and was thus\nvulnerable to binary planting if an attacker was able to place an\nexecutable of the same name in the current working directory or any of\nthe other locations that Windows searches for executables.Dmitri Gribenko reported that the script used to\nlaunch Mozilla applications on Linux was effectively including the\ncurrent working directory in the LD_LIBRARY_PATH\nenvironment variable. If an attacker was able to place into the\ncurrent working directory a malicious shared library with the same\nname as a library that the bootstrapping script depends on the\nattacker could have their library loaded instead of the legitimate\nlibrary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23336", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23419", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "reference_id": "642300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182", "reference_id": "CVE-2010-3182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-71", "reference_id": "mfsa2010-71", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-71" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3182" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xs6r-rhtz-xqed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2808?format=api", "vulnerability_id": "VCID-xsh3-a3gp-jqbj", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.88942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8896", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700603", "reference_id": "700603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078", "reference_id": "CVE-2011-0078", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0078" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsh3-a3gp-jqbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2884?format=api", "vulnerability_id": "VCID-xvbn-ap9n-gkh9", "summary": "Marc Schoenefeld reported a crash when using Firebug\nto profile a JavaScript file with many functions. It may be possible\nto trigger this crash without the use of debugging APIs, and if so\nthis could be exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01271", "scoring_system": "epss", "scoring_elements": "0.7986", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01271", "scoring_system": "epss", "scoring_elements": "0.79885", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3650" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751933", "reference_id": "751933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650", "reference_id": "CVE-2011-3650", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-49", "reference_id": "mfsa2011-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3650" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvbn-ap9n-gkh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2595?format=api", "vulnerability_id": "VCID-xw62-txxw-zbfr", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05821", "scoring_system": "epss", "scoring_elements": "0.9069", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05821", "scoring_system": "epss", "scoring_elements": "0.90703", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136", "reference_id": "512136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466", "reference_id": "CVE-2009-2466", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2466" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw62-txxw-zbfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2149?format=api", "vulnerability_id": "VCID-xzez-e2ta-2ufk", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04467", "scoring_system": "epss", "scoring_elements": "0.89279", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04467", "scoring_system": "epss", "scoring_elements": "0.89297", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2760" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630062", "reference_id": "630062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760", "reference_id": "CVE-2010-2760", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54", "reference_id": "mfsa2010-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-2760" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzez-e2ta-2ufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2215?format=api", "vulnerability_id": "VCID-y93j-bsr1-xqhp", "summary": "Security researcher echo reported that a web page\ncould open a window with an about:blank location and then inject an\n<isindex> element into that page which upon submission would\nredirect to a chrome: document. The effect of this defect was that\nthe original page would wind up with a reference to a\nchrome-privileged object, the opened window, which could be leveraged\nfor privilege escalation attacks.Mozilla security researcher moz_bug_r_a4 provided\nproof-of-concept code demonstrating how the above vulnerability could\nbe used to run arbitrary code with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02236", "scoring_system": "epss", "scoring_elements": "0.84853", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02236", "scoring_system": "epss", "scoring_elements": "0.84877", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660417", "reference_id": "660417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771", "reference_id": "CVE-2010-3771", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-76", "reference_id": "mfsa2010-76", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-76" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3771" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y93j-bsr1-xqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2663?format=api", "vulnerability_id": "VCID-y9mx-my5e-6qbp", "summary": "Developer and Mozilla community member Paolo\nAmadini reported that when saving the inner frame of a web\npage as a file when the outer page has POST data associated with it,\nthe POST data will be incorrectly sent to the URL of the inner frame.\nThis could potentially result in a user's sensitive data being sent to\na site for which it was not intended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.79049", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.79075", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496271", "reference_id": "496271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311", "reference_id": "CVE-2009-1311", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-21", "reference_id": "mfsa2009-21", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1311" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y9mx-my5e-6qbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2151?format=api", "vulnerability_id": "VCID-ydbn-ay8s-fkd9", "summary": "Security researcher Haifei Li of FortiGuard Labs\nreported that Firefox could be used to load a malicious code library\nthat had been planted on a victim's computer. Firefox attempts to\nload dwmapi.dll upon startup as part of its platform detection, so on\nsystems that don't have this library, such as Windows XP, Firefox will\nsubsequently attempt to load the library from the current working\ndirectory. An attacker could use this vulnerability to trick a user\ninto downloading a HTML file and a malicious copy of dwmapi.dll into\nthe same directory on their computer and opening the HTML file with\nFirefox, thus causing the malicious code to be executed. If the\nattacker was on the same network as the victim, the malicious DLL\ncould also be loaded via a UNC path. This DLL is only loaded at\nstartup so a successful attack requires that Firefox not currently\nbe running when it is asked to open the HTML\nfile and accompanying DLL.This issue was also independently reported to Mozilla\nby Acros Security. After the issue became public a\nnumber of other community members contacted Mozilla to report the\nissue.Firefox users on Windows Vista or Windows 7\nwere not vulnerable to this attack because dwmapi.dll is part\nof the OS in Vista and later versions and the legitimate copy\nis successfully loaded by\nFirefox before attempting to load the planted DLL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10225", "scoring_system": "epss", "scoring_elements": "0.9328", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10225", "scoring_system": "epss", "scoring_elements": "0.93291", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131", "reference_id": "CVE-2010-3131", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c", "reference_id": "CVE-2010-3131;OSVDB-67502", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c", "reference_id": "CVE-2010-3131;OSVDB-67502", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52", "reference_id": "mfsa2010-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-3131" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ydbn-ay8s-fkd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2608?format=api", "vulnerability_id": "VCID-ydxj-aet2-m7b1", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15734", "scoring_system": "epss", "scoring_elements": "0.94843", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15734", "scoring_system": "epss", "scoring_elements": "0.94852", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568", "reference_id": "503568", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392", "reference_id": "CVE-2009-1392", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1392" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ydxj-aet2-m7b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2651?format=api", "vulnerability_id": "VCID-yggq-y333-67cq", "summary": "Mozilla community member Michael reported that\nwhen a server responds with a Refresh header containing a\njavascript: URI, Firefox will redirect to the javascript: URI. If an\nattacker could inject a Refresh header into a server\nresponse, or could control the value that a site places in\nthe Refresh header, they could use this vulnerability to\nperform an XSS attack and execute arbitrary JavaScript within the\ncontext of that site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05662", "scoring_system": "epss", "scoring_elements": "0.90534", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05662", "scoring_system": "epss", "scoring_elements": "0.90548", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496274", "reference_id": "496274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312", "reference_id": "CVE-2009-1312", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt", "reference_id": "CVE-2009-1312;OSVDB-53952", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt" }, { "reference_url": "https://www.securityfocus.com/bid/34656/info", "reference_id": "CVE-2009-1312;OSVDB-53952", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/34656/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-22", "reference_id": "mfsa2009-22", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1312" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yggq-y333-67cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2226?format=api", "vulnerability_id": "VCID-yn1v-ut2g-fufv", "summary": "Security researcher Yosuke Hasegawa reported that\nthe Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could\nbe used by an attacker to steal information from other sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40136", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40219", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1213" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615471", "reference_id": "615471", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213", "reference_id": "CVE-2010-1213", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42", "reference_id": "mfsa2010-42", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-1213" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn1v-ut2g-fufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2856?format=api", "vulnerability_id": "VCID-ysfu-gcvc-33g9", "summary": "David Rees reported that the JSSubScriptLoader (a\nfeature used by some add-ons) was \"unwrapping\" XPCNativeWrappers when they\nwere used as the scope parameter to loadSubScript(). Without\nthe protection of the wrappers the add-on could be vulnerable to privilege\nescalation attacks from malicious web content. Whether any given add-on\nwere vulnerable would depend on how the add-on used the feature\nand whether it interacted directly with web content, but we did find\nat least one vulnerable add-on and presume there are more.\nThe unwrapping behavior was a change introduced during Firefox 4\ndevelopment. Firefox 3.6 and earlier versions are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54694", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54752", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751930", "reference_id": "751930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004", "reference_id": "CVE-2011-3004", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-43", "reference_id": "mfsa2011-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-43" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-3004" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysfu-gcvc-33g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2680?format=api", "vulnerability_id": "VCID-yuz9-ee71-u7fa", "summary": "Security researcher Gregory Fleischer reported\nthat local resources loaded via the file: protocol can\naccess any domain's cookies which have been saved on a user's machine.\nFleischer demonstrated that a local document's domain was being\ncalculated incorrectly from its URL. If a victim could be persuaded\nto download a malicious file and then open that file in their browser,\nthe malicious file could then steal arbitrary cookies from the\nvictim's computer. Due to the interaction required for this attack,\nthe severity of the issue was determined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.81733", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.81767", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503576", "reference_id": "503576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835", "reference_id": "CVE-2009-1835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26", "reference_id": "mfsa2009-26", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1835" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuz9-ee71-u7fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2661?format=api", "vulnerability_id": "VCID-yvh6-rpbf-mka6", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.92841", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.92853", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488276", "reference_id": "488276", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773", "reference_id": "CVE-2009-0773", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-0773" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvh6-rpbf-mka6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2342?format=api", "vulnerability_id": "VCID-za9a-ryqw-bfec", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02093", "scoring_system": "epss", "scoring_elements": "0.84347", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02093", "scoring_system": "epss", "scoring_elements": "0.84371", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961", "reference_id": "CVE-2012-3961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3961" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-za9a-ryqw-bfec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2487?format=api", "vulnerability_id": "VCID-zhur-xexp-1faq", "summary": "Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed. The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and used in an XSS attack. This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80342", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80367", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463234", "reference_id": "463234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065", "reference_id": "CVE-2008-4065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43", "reference_id": "mfsa2008-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4065" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhur-xexp-1faq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2806?format=api", "vulnerability_id": "VCID-zkrh-qw8y-h3dg", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88839", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88856", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700615", "reference_id": "700615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075", "reference_id": "CVE-2011-0075", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2011-0075" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkrh-qw8y-h3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2372?format=api", "vulnerability_id": "VCID-zm2w-5awq-c7ed", "summary": "Mozilla community member Ms2ger reported a crash due to an\ninvalid cast when using the instanceof operator on certain types of JavaScript\nobjects. This can lead to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00854", "scoring_system": "epss", "scoring_elements": "0.75301", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00854", "scoring_system": "epss", "scoring_elements": "0.7533", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3989" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863620", "reference_id": "863620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989", "reference_id": "CVE-2012-3989", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-80", "reference_id": "mfsa2012-80", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-80" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-3989" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zm2w-5awq-c7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2317?format=api", "vulnerability_id": "VCID-znv2-uacx-gbhy", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.85145", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.85169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5840" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840", "reference_id": "CVE-2012-5840", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2012-5840" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znv2-uacx-gbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2170?format=api", "vulnerability_id": "VCID-zp8z-8z1b-3fep", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04113", "scoring_system": "epss", "scoring_elements": "0.88807", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04113", "scoring_system": "epss", "scoring_elements": "0.88824", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2463" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512131", "reference_id": "512131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463", "reference_id": "CVE-2009-2463", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-2463" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zp8z-8z1b-3fep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2443?format=api", "vulnerability_id": "VCID-zrhf-ryxe-9yca", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02287", "scoring_system": "epss", "scoring_elements": "0.84999", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02287", "scoring_system": "epss", "scoring_elements": "0.85023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4064" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463204", "reference_id": "463204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064", "reference_id": "CVE-2008-4064", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2008-4064" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrhf-ryxe-9yca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2639?format=api", "vulnerability_id": "VCID-zx6d-t279-j7aj", "summary": "Security researcher Prateek Saxena reported that a\nmalicious MozSearch plugin could be created using a javascript: URI in\nthe SearchForm value. This URI is used as the default\nlanding page when an empty search is performed. If an attacker could\nget a user to install the malicious plugin and perform an empty\nsearch, the SearchForm javascript: URI would be executed\nwithin the context of the currently open page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75423", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1310" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496270", "reference_id": "496270", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310", "reference_id": "CVE-2009-1310", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-20", "reference_id": "mfsa2009-20", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2009-1310" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zx6d-t279-j7aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2196?format=api", "vulnerability_id": "VCID-zzu7-b5pp-67g3", "summary": "Security researcher regenrecht reported (via TippingPoint's\nZero Day Initiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. Although\nno exploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07524", "scoring_system": "epss", "scoring_elements": "0.91953", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07524", "scoring_system": "epss", "scoring_elements": "0.91965", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164", "reference_id": "CVE-2010-0164", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09", "reference_id": "mfsa2010-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194332?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194333?format=api", "purl": "pkg:ebuild/dev-libs/nss@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194334?format=api", "purl": "pkg:ebuild/dev-libs/nss@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/194335?format=api", "purl": "pkg:ebuild/dev-libs/nss@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" } ], "aliases": [ "CVE-2010-0164" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzu7-b5pp-67g3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@10.0.11" }