Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/334817?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "type": "ebuild", "namespace": "www-client", "name": "mozilla-firefox-bin", "version": "3.14", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "10.0.11", "latest_non_vulnerable_version": "10.0.11", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2670?format=api", "vulnerability_id": "VCID-114z-7ta8-mqe7", "summary": "Security researcher Gregory Fleischer reported\nthat when an Adobe Flash file is loaded via\nthe view-source: scheme, the Flash plugin misinterprets\nthe origin of the content as localhost, leading to two specific\nvulnerabilities:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01373", "scoring_system": "epss", "scoring_elements": "0.8054", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263", "reference_id": "496263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307", "reference_id": "CVE-2009-1307", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-17", "reference_id": "mfsa2009-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1307" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-114z-7ta8-mqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2482?format=api", "vulnerability_id": "VCID-12eu-2nge-u3hu", "summary": "Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.504", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4068" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463248", "reference_id": "463248", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068", "reference_id": "CVE-2008-4068", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44", "reference_id": "mfsa2008-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4068" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12eu-2nge-u3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74197?format=api", "vulnerability_id": "VCID-12q6-5pjj-q7d6", "summary": ": Firefox DoS (crash) via crafted web site that triggers memory consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00947", "scoring_system": "epss", "scoring_elements": "0.76634", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0220" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=579085", "reference_id": "579085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579085" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12q6-5pjj-q7d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2242?format=api", "vulnerability_id": "VCID-13rr-43nj-h7af", "summary": "Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62853", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446", "reference_id": "CVE-2012-0446", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05", "reference_id": "mfsa2012-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0446" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13rr-43nj-h7af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2161?format=api", "vulnerability_id": "VCID-16sb-uhrd-xfaf", "summary": "Mozilla developer Blake Kaplan reported that the \nwindow.location object was made a normal overridable JavaScript object\nin the Firefox 3.6 browser engine (Gecko 1.9.2) because new mechanisms\nwere developed to enforce the same-origin policy between windows and frames.\nThis object is unfortunately also used by some plugins to determine the page\norigin used for access restrictions. A malicious page could override this\nobject to fool a plugin into granting access to data on another site or the\nlocal file system. The behavior of older Firefox versions has been restored.\nThis flaw does not affect earlier versions of Firefox, or other\nprograms such as Thunderbird or SeaMonkey built on older versions\nof the browser engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66225", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170", "reference_id": "CVE-2010-0170", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10", "reference_id": "mfsa2010-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0170" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16sb-uhrd-xfaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2600?format=api", "vulnerability_id": "VCID-18dk-sq41-5kfp", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04029", "scoring_system": "epss", "scoring_elements": "0.88679", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686", "reference_id": "521686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070", "reference_id": "CVE-2009-3070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18dk-sq41-5kfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2297?format=api", "vulnerability_id": "VCID-19ut-3c72-1kfk", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.8511", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4215" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215", "reference_id": "CVE-2012-4215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4215" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19ut-3c72-1kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2870?format=api", "vulnerability_id": "VCID-1m8n-68ks-cqd4", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08708", "scoring_system": "epss", "scoring_elements": "0.92611", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2996" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741903", "reference_id": "741903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996", "reference_id": "CVE-2011-2996", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2996" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m8n-68ks-cqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2316?format=api", "vulnerability_id": "VCID-1nsv-4xw6-q3bh", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04246", "scoring_system": "epss", "scoring_elements": "0.88966", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973", "reference_id": "CVE-2012-1973", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1973" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nsv-4xw6-q3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2274?format=api", "vulnerability_id": "VCID-1rgf-x73x-33dk", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent\nis released and oldFocusedContent is used afterwards. This use-after-free could\npossibly allow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03872", "scoring_system": "epss", "scoring_elements": "0.8843", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1958" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211", "reference_id": "840211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958", "reference_id": "CVE-2012-1958", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48", "reference_id": "mfsa2012-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgf-x73x-33dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78287?format=api", "vulnerability_id": "VCID-1ujh-zyv7-cqde", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03757", "scoring_system": "epss", "scoring_elements": "0.88227", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936", "reference_id": "422936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt", "reference_id": "CVE-2007-2437;OSVDB-34905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt" }, { "reference_url": "https://www.securityfocus.com/bid/23741/info", "reference_id": "CVE-2007-2437;OSVDB-34905", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/23741/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2007-2437" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ujh-zyv7-cqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2322?format=api", "vulnerability_id": "VCID-1v1p-3xrs-jfgt", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84438", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3958" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958", "reference_id": "CVE-2012-3958", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v1p-3xrs-jfgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2396?format=api", "vulnerability_id": "VCID-2479-hg85-6qa5", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free while replacing/inserting a node in a document.\nThis use-after-free could possibly allow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1946", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81102", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1946" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832", "reference_id": "827832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946", "reference_id": "CVE-2012-1946", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38", "reference_id": "mfsa2012-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1946" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2479-hg85-6qa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2634?format=api", "vulnerability_id": "VCID-26q8-bbpg-5fgk", "summary": "Mozilla community member Michael reported that\nwhen a server responds with a Refresh header containing a\njavascript: URI, Firefox will redirect to the javascript: URI. If an\nattacker could inject a Refresh header into a server\nresponse, or could control the value that a site places in\nthe Refresh header, they could use this vulnerability to\nperform an XSS attack and execute arbitrary JavaScript within the\ncontext of that site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05662", "scoring_system": "epss", "scoring_elements": "0.90508", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496274", "reference_id": "496274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312", "reference_id": "CVE-2009-1312", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt", "reference_id": "CVE-2009-1312;OSVDB-53952", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt" }, { "reference_url": "https://www.securityfocus.com/bid/34656/info", "reference_id": "CVE-2009-1312;OSVDB-53952", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/34656/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-22", "reference_id": "mfsa2009-22", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1312" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26q8-bbpg-5fgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2838?format=api", "vulnerability_id": "VCID-2a9n-tz4u-jyep", "summary": "Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response \nMozilla behavior differed from other browsers: Mozilla would use the second\nLocation header while Chrome and Internet Explorer would use\nthe first. Two copies of this header with different values could be a symptom\nof a CRLF injection attack against a vulnerable server. Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely to be\nthe malicious one. It is possible, however, that the first copy was the\ninjected one depending on the nature of the server vulnerability.\nThe Mozilla browser engine has been changed to treat two copies of this\nheader with different values as an error condition. The same has been done\nwith the headers Content-Length and Content-Disposition", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80045", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3000" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741905", "reference_id": "741905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000", "reference_id": "CVE-2011-3000", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-39", "reference_id": "mfsa2011-39", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3000" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2a9n-tz4u-jyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2312?format=api", "vulnerability_id": "VCID-2b7j-hzma-nbfb", "summary": "Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03581", "scoring_system": "epss", "scoring_elements": "0.8794", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827833", "reference_id": "827833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441", "reference_id": "CVE-2012-0441", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39", "reference_id": "mfsa2012-39", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1090", "reference_id": "RHSA-2012:1090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1091", "reference_id": "RHSA-2012:1091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1091" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" }, { "reference_url": "https://usn.ubuntu.com/1540-1/", "reference_id": "USN-1540-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1540-1/" }, { "reference_url": "https://usn.ubuntu.com/1540-2/", "reference_id": "USN-1540-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1540-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0441" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2b7j-hzma-nbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2196?format=api", "vulnerability_id": "VCID-2bc6-1f4c-fkag", "summary": "Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was possible to bypass the fix\nfor \nMFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.67136", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576696", "reference_id": "576696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171", "reference_id": "CVE-2010-0171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12", "reference_id": "mfsa2010-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bc6-1f4c-fkag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2474?format=api", "vulnerability_id": "VCID-2e82-n7c1-5kc3", "summary": "Marius Schilder of Google Security reported that\nwhen a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR. Cookies marked HttpOnly were not readable, but\nother potentially sensitive data could be revealed in the XHR response\nincluding URL parameters and content in the response body.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67177", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5506" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476278", "reference_id": "476278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506", "reference_id": "CVE-2008-5506", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64", "reference_id": "mfsa2008-64", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5506" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2e82-n7c1-5kc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2178?format=api", "vulnerability_id": "VCID-2j5j-gpjs-ubfp", "summary": "Matt Haggard reported that\nthe statusText property of an XMLHttpRequest\nobject is readable by the requester even when the request is made\nacross origins. This status information reveals the presence of a web\nserver and could be used to gather information about servers on\ninternal private networks.This issue was also independently reported to Mozilla\nby Nicholas Berthaume", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00878", "scoring_system": "epss", "scoring_elements": "0.75643", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630078", "reference_id": "630078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764", "reference_id": "CVE-2010-2764", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63", "reference_id": "mfsa2010-63", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2764" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2j5j-gpjs-ubfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2856?format=api", "vulnerability_id": "VCID-2pzu-trgn-cfgj", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nthe problem described in MFSA 2011-43 and fixed in\nFirefox 7 also affected Firefox 3.6: a malicious page could potentially\nexploit a Firefox user who had installed an add-on that used loadSubscript\nin vulnerable ways.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00769", "scoring_system": "epss", "scoring_elements": "0.73803", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751931", "reference_id": "751931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647", "reference_id": "CVE-2011-3647", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-46", "reference_id": "mfsa2011-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3647" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2pzu-trgn-cfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2665?format=api", "vulnerability_id": "VCID-2r2b-3wt6-wuh2", "summary": "Mozilla security researcher moz_bug_r_a4 reported\na series of vulnerabilities in which objects that normally receive\na XPCCrossOriginWrapper are constructed without the\nwrapper. This can lead to cases where JavaScript from one website may\nunsafely access properties of such an object which had been set by a\ndifferent website. A malicious website could use this vulnerability\nto launch a XSS attack and run arbitrary JavaScript within the context\nof another site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.7233", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2472" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512147", "reference_id": "512147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472", "reference_id": "CVE-2009-2472", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-40", "reference_id": "mfsa2009-40", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2472" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2r2b-3wt6-wuh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2810?format=api", "vulnerability_id": "VCID-2tsg-45kt-nycb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05475", "scoring_system": "epss", "scoring_elements": "0.90338", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0084" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730519", "reference_id": "730519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084", "reference_id": "CVE-2011-0084", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0084" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tsg-45kt-nycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2387?format=api", "vulnerability_id": "VCID-2u4r-fn32-n7d3", "summary": "Security researcher Mariusz Mlynski reported that when a\npage opens a new tab, a subsequent window can then be opened that can be\nnavigated to about:newtab, a chrome privileged page. Once\nabout:newtab is loaded, the special context can potentially be used\nto escalate privilege, allowing for arbitrary code execution on the local system\nin a maliciously crafted attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01126", "scoring_system": "epss", "scoring_elements": "0.78596", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851916", "reference_id": "851916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965", "reference_id": "CVE-2012-3965", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-60", "reference_id": "mfsa2012-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-60" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2u4r-fn32-n7d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2032?format=api", "vulnerability_id": "VCID-2vaj-7wrh-juhc", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04573", "scoring_system": "epss", "scoring_elements": "0.89379", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "reference_id": "CVE-2012-5829", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-02", "reference_id": "mfsa2013-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" }, { "reference_url": "https://usn.ubuntu.com/1681-1/", "reference_id": "USN-1681-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1681-1/" }, { "reference_url": "https://usn.ubuntu.com/1681-2/", "reference_id": "USN-1681-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1681-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5829" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vaj-7wrh-juhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88950?format=api", "vulnerability_id": "VCID-3149-34hy-pqds", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81314", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3073" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2007-3073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3149-34hy-pqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2164?format=api", "vulnerability_id": "VCID-36bj-gja7-gkch", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26203", "scoring_system": "epss", "scoring_elements": "0.96386", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166", "reference_id": "CVE-2010-0166", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html", "reference_id": "CVE-2010-0166;OSVDB-63266", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html" }, { "reference_url": "https://www.securityfocus.com/bid/38943/info", "reference_id": "CVE-2010-0166;OSVDB-63266", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38943/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0166" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36bj-gja7-gkch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2234?format=api", "vulnerability_id": "VCID-37t5-vgwu-yqe1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02016", "scoring_system": "epss", "scoring_elements": "0.84019", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995", "reference_id": "CVE-2012-3995", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3995" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37t5-vgwu-yqe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2383?format=api", "vulnerability_id": "VCID-3ap9-a2as-q7hd", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81192", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462", "reference_id": "CVE-2012-0462", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0462" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ap9-a2as-q7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2281?format=api", "vulnerability_id": "VCID-3bx3-fn1g-4kbh", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01281", "scoring_system": "epss", "scoring_elements": "0.7989", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1952" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952", "reference_id": "CVE-2012-1952", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1952" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3bx3-fn1g-4kbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=api", "vulnerability_id": "VCID-3cum-vygx-wfae", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07986", "scoring_system": "epss", "scoring_elements": "0.92207", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615464", "reference_id": "615464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752", "reference_id": "CVE-2010-2752", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py", "reference_id": "CVE-2010-2752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39", "reference_id": "mfsa2010-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cum-vygx-wfae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2580?format=api", "vulnerability_id": "VCID-3g7q-89gg-hkb5", "summary": "Mozilla developer Daniel Veditz reported that when\nthe jar: scheme is used to wrap a URI which serves the\ncontent with Content-Disposition: attachment, the HTTP\nheader is ignored and the content is unpacked and displayed inline. A\nsite may depend on this HTTP header to prevent potentially untrusted\ncontent that it serves from executing within the context of the site.\nAn attacker could use this vulnerability to subvert sites using this\nmechanism to mitigate content injection attacks.This vulnerability has not been fixed on the Mozilla 1.8.1 branch,\nwhich is used to build Firefox 2 and Thunderbird 2. However, note\nthat there are several mitigating factors which prevent easy\nexploitation of this issue. In order for a website to be exploitable\nit must:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1306", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83277", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1306" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262", "reference_id": "496262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306", "reference_id": "CVE-2009-1306", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-16", "reference_id": "mfsa2009-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1306" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g7q-89gg-hkb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2422?format=api", "vulnerability_id": "VCID-3gwb-npby-tbek", "summary": "Justin Schuh and Tom Cross of the\nIBM X-Force and Peter Williams of IBM Watson Labs reported\nerrors in Mozilla URL parsing routines. These errors could be exploited\nusing a specially crafted UTF-8 URL in a hyperlink which could overflow\na stack buffer and allow an attacker to execute arbitrary code.Firefox 3 is not affected by this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48604", "scoring_system": "epss", "scoring_elements": "0.978", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463181", "reference_id": "463181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016", "reference_id": "CVE-2008-0016", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py", "reference_id": "CVE-2008-0016;OSVDB-48780", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-37", "reference_id": "mfsa2008-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-0016" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gwb-npby-tbek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2378?format=api", "vulnerability_id": "VCID-3jng-4mfe-q7a5", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03612", "scoring_system": "epss", "scoring_elements": "0.87982", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1939" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939", "reference_id": "CVE-2012-1939", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1939" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jng-4mfe-q7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2577?format=api", "vulnerability_id": "VCID-3maa-g3v4-eqc4", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03426", "scoring_system": "epss", "scoring_elements": "0.87665", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512135", "reference_id": "512135", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465", "reference_id": "CVE-2009-2465", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2465" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3maa-g3v4-eqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74260?format=api", "vulnerability_id": "VCID-3mbe-hcw2-ayfc", "summary": "firefox 3.5 various flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04071", "scoring_system": "epss", "scoring_elements": "0.88731", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py", "reference_id": "OSVDB-55932;CVE-2009-2478", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2478" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mbe-hcw2-ayfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2442?format=api", "vulnerability_id": "VCID-3qjw-kmzd-hubj", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0348", "scoring_system": "epss", "scoring_elements": "0.87773", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463190", "reference_id": "463190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058", "reference_id": "CVE-2008-4058", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4058" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qjw-kmzd-hubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2243?format=api", "vulnerability_id": "VCID-3rmk-5j6r-sydb", "summary": "Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.69128", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877627", "reference_id": "877627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208", "reference_id": "CVE-2012-4208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99", "reference_id": "mfsa2012-99", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rmk-5j6r-sydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2379?format=api", "vulnerability_id": "VCID-3rsc-9zzp-qfeh", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01723", "scoring_system": "epss", "scoring_elements": "0.82716", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1937" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937", "reference_id": "CVE-2012-1937", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1937" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rsc-9zzp-qfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71853?format=api", "vulnerability_id": "VCID-3tx3-d3d3-k3gh", "summary": "firefox: doesn't (re)validate certificates when loading HTTPS page", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62515", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0082" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709165", "reference_id": "709165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709165" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0082" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tx3-d3d3-k3gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2267?format=api", "vulnerability_id": "VCID-3uq6-mbus-sudu", "summary": "Mateusz Jurczyk of the Google Security Team discovered an\noff-by-one error in the OpenType Sanitizer using the Address Sanitizer tool.\nThis can lead to an out-of-bounds read and execution of an uninitialized\nfunction pointer during parsing and possible remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02392", "scoring_system": "epss", "scoring_elements": "0.85282", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815042", "reference_id": "815042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062", "reference_id": "CVE-2011-3062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062" }, { "reference_url": "https://security.gentoo.org/glsa/201203-24", "reference_id": "GLSA-201203-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-24" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-31", "reference_id": "mfsa2012-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3062" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uq6-mbus-sudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2781?format=api", "vulnerability_id": "VCID-413h-nkvf-wbck", "summary": "Mark Kaplan reported a potentially exploitable crash due to\ninteger underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this problem.\nThe Regular Expression engine was replaced in Firefox 4 and\nthe newer engine does not suffer from this bug.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03711", "scoring_system": "epss", "scoring_elements": "0.88167", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2998" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741924", "reference_id": "741924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998", "reference_id": "CVE-2011-2998", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-37", "reference_id": "mfsa2011-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1343", "reference_id": "RHSA-2011:1343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1344", "reference_id": "RHSA-2011:1344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1344" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2998" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-413h-nkvf-wbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88957?format=api", "vulnerability_id": "VCID-43ch-bzjt-1ycr", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70725", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3399" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43ch-bzjt-1ycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=api", "vulnerability_id": "VCID-43q7-k9by-2uhh", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04219", "scoring_system": "epss", "scoring_elements": "0.88933", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962", "reference_id": "CVE-2012-3962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3962" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43q7-k9by-2uhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2470?format=api", "vulnerability_id": "VCID-457x-cvps-5kbr", "summary": "Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed. The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and used in an XSS attack. This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80311", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463234", "reference_id": "463234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065", "reference_id": "CVE-2008-4065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43", "reference_id": "mfsa2008-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4065" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-457x-cvps-5kbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2269?format=api", "vulnerability_id": "VCID-477c-8h5g-nqha", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78386", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614", "reference_id": "877614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842", "reference_id": "CVE-2012-5842", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91", "reference_id": "mfsa2012-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5842" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-477c-8h5g-nqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2299?format=api", "vulnerability_id": "VCID-479a-zv6z-2feu", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02828", "scoring_system": "epss", "scoring_elements": "0.86418", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839", "reference_id": "CVE-2012-5839", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5839" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-479a-zv6z-2feu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2318?format=api", "vulnerability_id": "VCID-47rg-f2g6-hyff", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87451", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975", "reference_id": "CVE-2012-1975", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1975" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47rg-f2g6-hyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2853?format=api", "vulnerability_id": "VCID-48bp-txah-9qbh", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.8564", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365", "reference_id": "CVE-2011-2365", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2365" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48bp-txah-9qbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2785?format=api", "vulnerability_id": "VCID-48rt-hx1w-p7ct", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700642", "reference_id": "700642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069", "reference_id": "CVE-2011-0069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48rt-hx1w-p7ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2462?format=api", "vulnerability_id": "VCID-4bey-3rug-uuev", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in nsXMLDocument::OnChannelRedirect()\ncould be bypassed. This vulnerability could be used to execute JavaScript\nin the context of a different website.Firefox 3 is not affected by this issueThunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30833", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463182", "reference_id": "463182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463182" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835", "reference_id": "CVE-2008-3835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38", "reference_id": "mfsa2008-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-3835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bey-3rug-uuev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2240?format=api", "vulnerability_id": "VCID-4ch9-f2dm-17f1", "summary": "Security researcher Masato Kinugawa found that during the\ndecoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024\nbytes are treated incorrectly, either doubling or deleting bytes. On certain\npages it might be possible for an attacker to pad the output of the page such\nthat these errors fall in the right place to affect the structure of the page,\nallowing for cross-site script (XSS) injection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72828", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815026", "reference_id": "815026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477", "reference_id": "CVE-2012-0477", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-29", "reference_id": "mfsa2012-29", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ch9-f2dm-17f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2661?format=api", "vulnerability_id": "VCID-4fs2-bedf-wbg3", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06664", "scoring_system": "epss", "scoring_elements": "0.9136", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1304" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496255", "reference_id": "496255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304", "reference_id": "CVE-2009-1304", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1304" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fs2-bedf-wbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=api", "vulnerability_id": "VCID-4fvg-h8g2-uqhk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03871", "scoring_system": "epss", "scoring_elements": "0.88428", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455", "reference_id": "615455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211", "reference_id": "CVE-2010-1211", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34", "reference_id": "mfsa2010-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1211" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fvg-h8g2-uqhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2865?format=api", "vulnerability_id": "VCID-4hm6-cvca-q3dz", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05626", "scoring_system": "epss", "scoring_elements": "0.90474", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0066" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700657", "reference_id": "700657", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066", "reference_id": "CVE-2011-0066", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0066" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hm6-cvca-q3dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2235?format=api", "vulnerability_id": "VCID-4khp-3yca-efa6", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90885", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179", "reference_id": "CVE-2012-4179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4179" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4khp-3yca-efa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2604?format=api", "vulnerability_id": "VCID-4mej-pecf-mba2", "summary": "Firefox user zbyte reported a crash that we determined\ncould result in an exploitable memory corruption problem. In certain cases\nafter a return from a native function, such as escape(), the\nJust-in-Time (JIT) compiler could get into a corrupt state. This could be\nexploited by an attacker to run arbitrary code such as installing malware.\nWe would like to thank community members Lucas\nKruijswijk and Nochum Sossonko for isolating\nthe problematic script from the original crashing site.\nThis vulnerability does not affect earlier versions of Firefox which\ndo not support the JIT feature.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83306", "scoring_system": "epss", "scoring_elements": "0.99287", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477", "reference_id": "CVE-2009-2477", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html", "reference_id": "CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html" }, { "reference_url": "https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/", "reference_id": "CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb", "reference_id": "CVE-2009-2477;OSVDB-55846", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl", "reference_id": "CVE-2009-2477;OSVDB-55846", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-41", "reference_id": "mfsa2009-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-41" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html", "reference_id": "OSVDB-55932;CVE-2009-2478;OSVDB-55846;CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mej-pecf-mba2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=api", "vulnerability_id": "VCID-4q1f-9mtr-4ufm", "summary": "Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. \nFirefox 9 and earlier are not affected by this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.83103", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0452" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=789506", "reference_id": "789506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452", "reference_id": "CVE-2012-0452", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-10", "reference_id": "mfsa2012-10", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-10" }, { "reference_url": "https://usn.ubuntu.com/1360-1/", "reference_id": "USN-1360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1360-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0452" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4q1f-9mtr-4ufm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2391?format=api", "vulnerability_id": "VCID-4qgz-6wnq-s3b8", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03101", "scoring_system": "epss", "scoring_elements": "0.87027", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840201", "reference_id": "840201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948", "reference_id": "CVE-2012-1948", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42", "reference_id": "mfsa2012-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1948" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qgz-6wnq-s3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2874?format=api", "vulnerability_id": "VCID-4s1y-4wue-qkdj", "summary": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70993", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413", "reference_id": "617413", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", "reference_id": "684386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202", "reference_id": "CVE-2011-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18", "reference_id": "mfsa2011-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-1202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4s1y-4wue-qkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2613?format=api", "vulnerability_id": "VCID-4uw5-jy37-47g7", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89711", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765", "reference_id": "531765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379", "reference_id": "CVE-2009-3379", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1561", "reference_id": "RHSA-2009:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1561" }, { "reference_url": "https://usn.ubuntu.com/861-1/", "reference_id": "USN-861-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/861-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3379" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uw5-jy37-47g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2289?format=api", "vulnerability_id": "VCID-4vcw-dt9x-wqdd", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75919", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835", "reference_id": "CVE-2012-5835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vcw-dt9x-wqdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2592?format=api", "vulnerability_id": "VCID-4vst-t6ee-4yay", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93322", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503569", "reference_id": "503569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832", "reference_id": "CVE-2009-1832", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1832" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vst-t6ee-4yay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2135?format=api", "vulnerability_id": "VCID-4w5k-qnky-ybdy", "summary": "Security researcher Sergey Glazunov reported that\nit was possible to access the locationbar property of\na window object after it had been closed. Since the\nclosed window's memory could have been subsequently\nreused by the system it was possible that an attempt to access\nthe locationbar property could result in the execution of\nattacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.903", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "reference_id": "642283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180", "reference_id": "CVE-2010-3180", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-66", "reference_id": "mfsa2010-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3180" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w5k-qnky-ybdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2124?format=api", "vulnerability_id": "VCID-4wrh-r3y9-kyb2", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a select event handler for XUL\ntree items could be called after the tree item was deleted. This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.This vulnerability does not affect Firefox 3.6", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91381", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149", "reference_id": "578149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175", "reference_id": "CVE-2010-0175", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-17", "reference_id": "mfsa2010-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0175" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wrh-r3y9-kyb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2125?format=api", "vulnerability_id": "VCID-4yrw-kmpa-z7dz", "summary": "Security researcher wushi of team509 reported that\nwhen a XUL tree had an HTML <div> element nested inside a\n<treechildren> element then code attempting to display content\nin the XUL tree would incorrectly treat the <div> element as a\nparent node to tree content underneath it resulting in incorrect\nindexes being calculated for the child content. These incorrect\nindexes were used in subsequent array operations which resulted in\nwriting data past the end of an allocated buffer. An attacker could\nuse this issue to crash a victim's browser and run arbitrary code on\ntheir machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.903", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660419", "reference_id": "660419", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772", "reference_id": "CVE-2010-3772", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77", "reference_id": "mfsa2010-77", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3772" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yrw-kmpa-z7dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2355?format=api", "vulnerability_id": "VCID-53t6-ecve-13g2", "summary": "Mozilla community member Ms2ger reported a crash due to an\ninvalid cast when using the instanceof operator on certain types of JavaScript\nobjects. This can lead to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00854", "scoring_system": "epss", "scoring_elements": "0.75249", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3989" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863620", "reference_id": "863620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989", "reference_id": "CVE-2012-3989", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-80", "reference_id": "mfsa2012-80", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-80" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3989" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53t6-ecve-13g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2359?format=api", "vulnerability_id": "VCID-55j1-htng-9ydy", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found a heap corruption in gfxImageSurface which\nallows for invalid frees and possible remote code execution. This happens due to\nfloat error, resulting from graphics values being passed through different\nnumber systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05707", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815020", "reference_id": "815020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470", "reference_id": "CVE-2012-0470", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-23", "reference_id": "mfsa2012-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0470" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-55j1-htng-9ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2160?format=api", "vulnerability_id": "VCID-58ej-gc1s-t7ha", "summary": "Security researcher Evgeny Legerov of Intevydis\nreported that the WOFF decoder contains an integer overflow in a\nfont decompression routine. This flaw could result in too small a\nmemory buffer being allocated to store a downloadable font. An\nattacker could use this vulnerability to crash a victim's browser\nand execute arbitrary code on his/her system.Support for the WOFF downloadable font format\nis new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect\nproducts built on earlier versions of the Mozilla browser engine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09896", "scoring_system": "epss", "scoring_elements": "0.93128", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1028" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566596", "reference_id": "566596", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566596" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085", "reference_id": "787085", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028", "reference_id": "CVE-2010-1028", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08", "reference_id": "mfsa2010-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1028" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58ej-gc1s-t7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2117?format=api", "vulnerability_id": "VCID-58qe-8axq-u3ad", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat when content script which is running in a chrome context accesses\na content object via SJOW, the content code can gain access to an\nobject from the chrome scope and use that object to run arbitrary\nJavaScript with chrome privileges.Firefox 3.5 and other Mozilla products built from\nGecko 1.9.1 were not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65561", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1215" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615463", "reference_id": "615463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215", "reference_id": "CVE-2010-1215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38", "reference_id": "mfsa2010-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1215" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58qe-8axq-u3ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2202?format=api", "vulnerability_id": "VCID-5d21-y9nj-cqgm", "summary": "Mozilla added the OTS\nfont sanitizing library to prevent downloadable fonts from exposing\nvulnerabilities in the underlying OS font code. This library mitigates\nagainst several issues independently reported by Red Hat Security\nResponse Team member Marc Schoenefeld and Mozilla\nsecurity researcher Christoph Diehl.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06139", "scoring_system": "epss", "scoring_elements": "0.90944", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420", "reference_id": "660420", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768", "reference_id": "CVE-2010-3768", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-78", "reference_id": "mfsa2010-78", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-78" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3768" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5d21-y9nj-cqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2295?format=api", "vulnerability_id": "VCID-5d9g-kv5g-27d2", "summary": "Using the Address Sanitizer tool, security researcher Aki\nHelin from OUSPG found that IDBKeyRange of indexedDB remains in the\nXPConnect hashtable instead of being unlinked before being destroyed. When it is\ndestroyed, this causes a use-after-free, which is potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17081", "scoring_system": "epss", "scoring_elements": "0.95105", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0469" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815019", "reference_id": "815019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469", "reference_id": "CVE-2012-0469", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-22", "reference_id": "mfsa2012-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0469" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5d9g-kv5g-27d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2148?format=api", "vulnerability_id": "VCID-5e33-3pm6-b7e4", "summary": "Security researcher Alin Rad Pop of Secunia\nResearch reported that the HTML parser incorrectly freed used memory\nwhen insufficient space was available to process remaining input.\nUnder such circumstances, memory occupied by in-use objects was freed\nand could later be filled with attacker-controlled text. These\nconditions could result in the execution or arbitrary code if methods\non the freed objects were subsequently called.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91662", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1571" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050", "reference_id": "566050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571", "reference_id": "CVE-2009-1571", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03", "reference_id": "mfsa2010-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1571" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5e33-3pm6-b7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2222?format=api", "vulnerability_id": "VCID-5eu6-8wqn-8udn", "summary": "Security researchers Nicolas Grégoire and Aki\nHelin independently reported that when processing a malformed\nembedded XSLT stylesheet, Firefox can crash due to a memory corruption.\nWhile there is no evidence that this is directly exploitable, there is\na possibility of remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88544", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0449" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785966", "reference_id": "785966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449", "reference_id": "CVE-2012-0449", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08", "reference_id": "mfsa2012-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0449" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5eu6-8wqn-8udn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72000?format=api", "vulnerability_id": "VCID-5h1q-1cv5-s3b8", "summary": "firefox: information leak due to XSLT", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56242", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1712" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=697732", "reference_id": "697732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697732" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-1712" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5h1q-1cv5-s3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2876?format=api", "vulnerability_id": "VCID-5jra-q7ve-d3h8", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03926", "scoring_system": "epss", "scoring_elements": "0.88511", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652", "reference_id": "CVE-2011-3652", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3652" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jra-q7ve-d3h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2127?format=api", "vulnerability_id": "VCID-5mat-a9vu-nfff", "summary": "Google security researcher Robert Swiecki reported\nthat functions used by the Gopher parser to convert text to HTML tags\ncould be exploited to turn text into executable JavaScript. If an\nattacker could create a file or directory on a Gopher server with the\nencoded script as part of its name the script would then run in a\nvictim's browser within the context of the site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72828", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642290", "reference_id": "642290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177", "reference_id": "CVE-2010-3177", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-68", "reference_id": "mfsa2010-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3177" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mat-a9vu-nfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2365?format=api", "vulnerability_id": "VCID-5ms1-cy9k-2fdb", "summary": "Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01678", "scoring_system": "epss", "scoring_elements": "0.82475", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865286", "reference_id": "865286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191", "reference_id": "CVE-2012-4191", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88", "reference_id": "mfsa2012-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88" }, { "reference_url": "https://usn.ubuntu.com/1608-1/", "reference_id": "USN-1608-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1608-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4191" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ms1-cy9k-2fdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2292?format=api", "vulnerability_id": "VCID-5p1r-wxng-wbaj", "summary": "Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02253", "scoring_system": "epss", "scoring_elements": "0.84862", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4204" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877624", "reference_id": "877624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204", "reference_id": "CVE-2012-4204", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96", "reference_id": "mfsa2012-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4204" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p1r-wxng-wbaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2331?format=api", "vulnerability_id": "VCID-5ppx-c568-kkc6", "summary": "Security researcher Soroush Dalili reported that a\ncombination of invoking full screen mode and navigating backwards in history\ncould, in some circumstances, cause a hang or crash due to a timing dependent\nuse-after-free pointer reference. This crash may be potentially exploitable.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0399", "scoring_system": "epss", "scoring_elements": "0.88604", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619", "reference_id": "863619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988", "reference_id": "CVE-2012-3988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-79", "reference_id": "mfsa2012-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ppx-c568-kkc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2362?format=api", "vulnerability_id": "VCID-5px5-rt4z-b7fs", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05074", "scoring_system": "epss", "scoring_elements": "0.89937", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3969" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922", "reference_id": "851922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969", "reference_id": "CVE-2012-3969", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3969" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5px5-rt4z-b7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2872?format=api", "vulnerability_id": "VCID-5q44-hdc9-tqb1", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal mapping of string values contained an\nerror in cases where the number of values being stored was above 64K.\nIn such cases an offset pointer was manually moved forwards and\nbackwards to access the larger address space. If an exception was\nthrown between the time that the offset pointer was moved forward and\nthe time it was reset, then the exception object would be read from an\ninvalid memory address, potentially executing attacker-controlled\nmemory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92814", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0056" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675092", "reference_id": "675092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056", "reference_id": "CVE-2011-0056", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05", "reference_id": "mfsa2011-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0056" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5q44-hdc9-tqb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2637?format=api", "vulnerability_id": "VCID-5ua9-4mhs-zkdj", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89464", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713", "reference_id": "546713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981", "reference_id": "CVE-2009-3981", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3981" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ua9-4mhs-zkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2867?format=api", "vulnerability_id": "VCID-5uyz-ue98-kkbt", "summary": "Marc Schoenefeld reported a crash when using Firebug\nto profile a JavaScript file with many functions. It may be possible\nto trigger this crash without the use of debugging APIs, and if so\nthis could be exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01271", "scoring_system": "epss", "scoring_elements": "0.79829", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3650" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751933", "reference_id": "751933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650", "reference_id": "CVE-2011-3650", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-49", "reference_id": "mfsa2011-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3650" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5uyz-ue98-kkbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2386?format=api", "vulnerability_id": "VCID-5v52-h1rp-13bx", "summary": "Firefox prevents the dropping of javascript: links onto a frame\nto prevent malicious sites from tricking users into performing a cross-site\nscripting (XSS) attacks on themselves. Security researcher Soroush\nDalili reported a way to bypass this protection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01144", "scoring_system": "epss", "scoring_elements": "0.78748", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0455" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803119", "reference_id": "803119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455", "reference_id": "CVE-2012-0455", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-13", "reference_id": "mfsa2012-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0455" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5v52-h1rp-13bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2796?format=api", "vulnerability_id": "VCID-5vwk-nwpu-gfhw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08433", "scoring_system": "epss", "scoring_elements": "0.92462", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675083", "reference_id": "675083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675083" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062", "reference_id": "CVE-2011-0062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0062" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwk-nwpu-gfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2836?format=api", "vulnerability_id": "VCID-5x9v-qerc-37gg", "summary": "Security researcher Aki Helin reported a crash\nin the YARR regular expression library that could be triggered by\njavascript in web content.\nThe YARR library was not used in older versions of\nthe Mozilla browser engine. This vulnerability does not affect\nFirefox 3.6 or Thunderbird 3.1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04527", "scoring_system": "epss", "scoring_elements": "0.89333", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661", "reference_id": "CVE-2011-3661", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54", "reference_id": "mfsa2011-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3661" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5x9v-qerc-37gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2463?format=api", "vulnerability_id": "VCID-5xwh-7b2a-uydt", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nvulnerabilities in the session-restore feature by which content could be\ninjected into an incorrect document storage location, including\nstorage locations for other domains. An attacker could utilize these\nissues to violate the browser's same-origin policy and perform an XSS\nattack while SessionStore data is being restored.moz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78291", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476289", "reference_id": "476289", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513", "reference_id": "CVE-2008-5513", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-69", "reference_id": "mfsa2008-69", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5513" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xwh-7b2a-uydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2878?format=api", "vulnerability_id": "VCID-61aa-8jww-jbb5", "summary": "Security researcher Jordi Chancel reported that a\nJPEG image could be constructed that would be decoded incorrectly,\ncausing data to be written past the end of a buffer created to store\nthe image. An attacker could potentially craft such an image that\nwould cause malicious code to be stored in memory and then later\nexecuted on a victim's computer.Firefox 3.5 was not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03978", "scoring_system": "epss", "scoring_elements": "0.88592", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675095", "reference_id": "675095", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061", "reference_id": "CVE-2011-0061", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-09", "reference_id": "mfsa2011-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61aa-8jww-jbb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2210?format=api", "vulnerability_id": "VCID-6217-dck9-hqht", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a\nmalicious NodeFilter could be created which would detach\nnodes from the DOM tree while it was being traversed. The use of a\ndetached and subsequently deleted node could result in the execution\nof attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02213", "scoring_system": "epss", "scoring_elements": "0.84732", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615459", "reference_id": "615459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209", "reference_id": "CVE-2010-1209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36", "reference_id": "mfsa2010-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6217-dck9-hqht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2814?format=api", "vulnerability_id": "VCID-64g4-tpfq-7qf4", "summary": "Security researcher Martin Barbella reported that\nunder certain conditions, viewing a XUL document while JavaScript was\ndisabled caused deleted memory to be accessed. This flaw could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.XUL document support was disabled by default in\nFirefox 4 and SeaMonkey 2.1 and users of those versions are not generally\nat risk. It is possible for add-ons to re-enable the feature for specific\nsites (for example, to support a legacy intranet XUL application) which would\nhave introduced this vulnerability while browsing those sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03792", "scoring_system": "epss", "scoring_elements": "0.88273", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2373" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714577", "reference_id": "714577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373", "reference_id": "CVE-2011-2373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20", "reference_id": "mfsa2011-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64g4-tpfq-7qf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2177?format=api", "vulnerability_id": "VCID-6bkj-wqzq-5bgs", "summary": "Security researcher Chris Rohlf of Matasano\nSecurity reported that the implementation of the HTML frameset element\ncontained an integer overflow vulnerability. The code responsible for\nparsing the frameset columns used an 8-byte counter for the column\nnumbers, so when a very large number of columns was passed in the\ncounter would overflow. When this counter was subsequently used to\nallocate memory for the frameset, the memory buffer would be too\nsmall, potentially resulting in a heap buffer overflow and execution\nof attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04021", "scoring_system": "epss", "scoring_elements": "0.88655", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630056", "reference_id": "630056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765", "reference_id": "CVE-2010-2765", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50", "reference_id": "mfsa2010-50", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2765" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bkj-wqzq-5bgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2185?format=api", "vulnerability_id": "VCID-6chh-16fh-p3a4", "summary": "Security researcher O. Andersen reported that\nundefined positions within various 8 bit character encodings are\nmapped to the sequence U+FFFD which when displayed causes the\nimmediately following character to disappear from the text run. This\ncould potentially contribute to XSS problems on sites which expected\nextra characters to be present within strings being sanitized on the\nserver.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58482", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615474", "reference_id": "615474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210", "reference_id": "CVE-2010-1210", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44", "reference_id": "mfsa2010-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6chh-16fh-p3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2156?format=api", "vulnerability_id": "VCID-6cxk-w6ct-2qcp", "summary": "Security researcher Sergey Glazunov reported a\ndangling pointer vulnerability in the implementation\nof navigator.plugins in which the navigator\nobject could retain a pointer to the plugins array even after it had\nbeen destroyed. An attacker could potentially use this issue to crash\nthe browser and run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0476", "scoring_system": "epss", "scoring_elements": "0.89611", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630059", "reference_id": "630059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767", "reference_id": "CVE-2010-2767", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51", "reference_id": "mfsa2010-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2767" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cxk-w6ct-2qcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2225?format=api", "vulnerability_id": "VCID-6ewf-t4h5-jyaf", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920", "reference_id": "851920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967", "reference_id": "CVE-2012-3967", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3967" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ewf-t4h5-jyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2432?format=api", "vulnerability_id": "VCID-6f2s-hecz-2yha", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04539", "scoring_system": "epss", "scoring_elements": "0.89346", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476267", "reference_id": "476267", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501", "reference_id": "CVE-2008-5501", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5501" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f2s-hecz-2yha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2128?format=api", "vulnerability_id": "VCID-6m78-bdd6-vfgw", "summary": "Security researcher Gregory Fleischer reported\nthat when a Java LiveConnect script was loaded via\na data: URL which redirects via a meta refresh, then the\nresulting plugin object was created with the wrong security principal\nand thus received elevated privileges such as the abilities to read\nlocal files, launch processes, and create network connections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03473", "scoring_system": "epss", "scoring_elements": "0.87752", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660422", "reference_id": "660422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775", "reference_id": "CVE-2010-3775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-79", "reference_id": "mfsa2010-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6m78-bdd6-vfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74319?format=api", "vulnerability_id": "VCID-6mgf-gnw9-3yeg", "summary": "Thunderbird mail crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05533", "scoring_system": "epss", "scoring_elements": "0.90393", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812", "reference_id": "507812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1134", "reference_id": "RHSA-2009:1134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mgf-gnw9-3yeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2652?format=api", "vulnerability_id": "VCID-6mxs-cd1d-qkh3", "summary": "Web developer Cefn Hoile reported that sites which\nallow users to embed third-party stylesheets are vulnerable to script\ninjection attacks using XBL bindings. While this behavior was\ndocumented previously, it was determined that this particular risk was\nnot well-understood by some websites. To mitigate this risk Mozilla\nadded a restriction that requires XBL bindings to come from the same\norigin as the bound document.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78329", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1308" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266", "reference_id": "496266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308", "reference_id": "CVE-2009-1308", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-18", "reference_id": "mfsa2009-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1308" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mxs-cd1d-qkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=api", "vulnerability_id": "VCID-6vvv-yczm-pue9", "summary": "Dirk Heinrich reported that on Windows platforms\nwhen document.write() was called with a very long string\na buffer overflow was caused in line breaking routines attempting to\nprocess the string for display. Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08397", "scoring_system": "epss", "scoring_elements": "0.92443", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769", "reference_id": "CVE-2010-3769", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-75", "reference_id": "mfsa2010-75", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3769" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vvv-yczm-pue9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2275?format=api", "vulnerability_id": "VCID-6w8d-f2v4-4bd4", "summary": "Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.76149", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628", "reference_id": "877628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841", "reference_id": "CVE-2012-5841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100", "reference_id": "mfsa2012-100", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5841" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6w8d-f2v4-4bd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2183?format=api", "vulnerability_id": "VCID-72a2-1hry-zqd5", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88399", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408", "reference_id": "660408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776", "reference_id": "CVE-2010-3776", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72a2-1hry-zqd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2619?format=api", "vulnerability_id": "VCID-76dz-7sqa-fqdn", "summary": "Microsoft security researchers Shuo\nChen, Ziqing Mao, Yi-Min\nWang, and Ming Zhang reported that when a\nCONNECT request is sent to a proxy server and a non-200 response is\nreturned, then the body of the response is incorrectly rendered\nwithin the context of the request Host: header. An\nactive network attacker could use this vulnerability to intercept a\nCONNECT request and reply with a non-200 response containing malicious\ncode which would be executed within the context of the victim's\nrequested SSL-protected domain. Since this attack requires the victim\nto have a proxy configured, the severity of this issue was determined\nto be high.Thunderbird mail messages are not vulnerable to this flaw,\nbut if Thunderbird were being used in a browser-like manner (through Add-ons,\nperhaps) and JavaScript were enabled (not the default setting) then users could\nbe vulnerable to this flaw in older versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.84085", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578", "reference_id": "503578", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836", "reference_id": "CVE-2009-1836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-27", "reference_id": "mfsa2009-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76dz-7sqa-fqdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2195?format=api", "vulnerability_id": "VCID-76s6-dzts-b7b6", "summary": "Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument. The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext. The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate. A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58482", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2751" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615480", "reference_id": "615480", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751", "reference_id": "CVE-2010-2751", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45", "reference_id": "mfsa2010-45", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2751" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76s6-dzts-b7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2314?format=api", "vulnerability_id": "VCID-7aj6-mfpj-myb3", "summary": "Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78348", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623", "reference_id": "863623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184", "reference_id": "CVE-2012-4184", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83", "reference_id": "mfsa2012-83", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4184" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7aj6-mfpj-myb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2792?format=api", "vulnerability_id": "VCID-7brb-puuf-fya8", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700622", "reference_id": "700622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072", "reference_id": "CVE-2011-0072", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0072" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7brb-puuf-fya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2193?format=api", "vulnerability_id": "VCID-7dzj-wguk-j3bs", "summary": "Morten Kråkvik of Telenor SOC reported an exploit\ntargeting particular versions of Firefox 3.6 on Windows XP that\nTelenor found while investigating an intrusion attempt on a customer\nnetwork. The underlying vulnerability, however, was present on both\nthe Firefox 3.5 and Firefox 3.6 development branches and affected all\nsupported platforms.Reading mail in Thunderbird does not pose a risk to\nusers, however the vulnerability is present and could be triggered in\nRSS feeds if JavaScript is enabled or by an add-on that enables\nbrowser-like functionality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86773", "scoring_system": "epss", "scoring_elements": "0.99439", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3765" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0061", "reference_id": "0061", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html", "reference_id": "050061.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "reference_id": "050077.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "reference_id": "050154.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html", "reference_id": "050233.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114329", "reference_id": "100114329", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114329" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114335", "reference_id": "100114335", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114335" }, { "reference_url": "http://www.norman.com/security_center/virus_description_archive/129146/", "reference_id": "129146", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.norman.com/security_center/virus_description_archive/129146/" }, { "reference_url": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/", "reference_id": "129223", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/" }, { "reference_url": "http://www.exploit-db.com/exploits/15341", "reference_id": "15341", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15341" }, { "reference_url": "http://www.exploit-db.com/exploits/15342", "reference_id": "15342", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15342" }, { "reference_url": "http://www.exploit-db.com/exploits/15352", "reference_id": "15352", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15352" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2837", "reference_id": "2837", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2837" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2857", "reference_id": "2857", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2857" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2864", "reference_id": "2864", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2864" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2871", "reference_id": "2871", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2871" }, { "reference_url": "http://secunia.com/advisories/41761", "reference_id": "41761", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41761" }, { "reference_url": "http://secunia.com/advisories/41965", "reference_id": "41965", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41965" }, { "reference_url": "http://secunia.com/advisories/41966", "reference_id": "41966", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41966" }, { "reference_url": "http://secunia.com/advisories/41969", "reference_id": "41969", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41969" }, { "reference_url": "http://secunia.com/advisories/41975", "reference_id": "41975", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41975" }, { "reference_url": "http://secunia.com/advisories/42003", "reference_id": "42003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42003" }, { "reference_url": "http://secunia.com/advisories/42008", "reference_id": "42008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42008" }, { "reference_url": "http://secunia.com/advisories/42043", "reference_id": "42043", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42043" }, { "reference_url": "http://secunia.com/advisories/42867", "reference_id": "42867", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42867" }, { "reference_url": "http://www.securityfocus.com/bid/44425", "reference_id": "44425", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securityfocus.com/bid/44425" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "reference_id": "646997", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=646997" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213", "reference_id": "advisories?name=MDVSA-2010:213", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219", "reference_id": "advisories?name=MDVSA-2010:219", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219" }, { "reference_url": "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/", "reference_id": "critical-vulnerability-in-firefox-3-5-and-firefox-3-6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765", "reference_id": "CVE-2010-3765", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html", "reference_id": "CVE-2010-3765;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb", "reference_id": "CVE-2010-3765;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html", "reference_id": "CVE-2010-3765;OSVDB-68921", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222", "reference_id": "CVE-2010-3765;OSVDB-68921;OSVDB-68905", "reference_type": "exploit", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html", "reference_id": "CVE-2010-3765;OSVDB-68921;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html" }, { "reference_url": "http://isc.sans.edu/diary.html?storyid=9817", "reference_id": "diary.html?storyid=9817", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://isc.sans.edu/diary.html?storyid=9817" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2124", "reference_id": "dsa-2124", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.debian.org/security/2010/dsa-2124" }, { "reference_url": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter", "reference_id": "en?utm_source=twitterfeed&utm_medium=twitter", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "http://www.securitytracker.com/id?1024645", "reference_id": "id?1024645", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024645" }, { "reference_url": "http://www.securitytracker.com/id?1024650", "reference_id": "id?1024650", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024650" }, { "reference_url": "http://www.securitytracker.com/id?1024651", "reference_id": "id?1024651", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024651" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73", "reference_id": "mfsa2010-73", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73" }, { "reference_url": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "reference_id": "mfsa2010-73.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html" }, { "reference_url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "reference_id": "multiple_vulnerabilities_in_mozilla_firefox", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A12108", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0808", "reference_id": "RHSA-2010:0808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0808" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0808.html", "reference_id": "RHSA-2010-0808.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0808.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0809", "reference_id": "RHSA-2010:0809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0809" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0809.html", "reference_id": "RHSA-2010-0809.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0809.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0810", "reference_id": "RHSA-2010:0810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0810" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0810.html", "reference_id": "RHSA-2010-0810.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0810.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0812", "reference_id": "RHSA-2010:0812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0812" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2010-0812.html", "reference_id": "RHSA-2010-0812.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0812.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "reference_id": "RHSA-2010-0861.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0861.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "reference_id": "RHSA-2010-0896.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0896.html" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53", "reference_id": "show_bug.cgi?id=607222#c53", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53" }, { "reference_url": "http://www.ubuntu.com/usn/usn-1011-1", "reference_id": "usn-1011-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/usn-1011-1" }, { "reference_url": "https://usn.ubuntu.com/1011-1/", "reference_id": "USN-1011-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-1/" }, { "reference_url": "https://usn.ubuntu.com/1011-2/", "reference_id": "USN-1011-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-2/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1011-2", "reference_id": "USN-1011-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1011-2" }, { "reference_url": "https://usn.ubuntu.com/1011-3/", "reference_id": "USN-1011-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-3/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1011-3", "reference_id": "USN-1011-3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1011-3" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "reference_id": "viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3765" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7dzj-wguk-j3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2476?format=api", "vulnerability_id": "VCID-7hxm-91q8-37de", "summary": "An anonymous security researcher reported via TippingPoint's Zero\nDay Initiative that insufficient checks were being performed to test\nwhether the Flash module was properly dynamically unloaded.\nThe researcher demonstrated that a SWF file which dynamically unloads\nitself from an outside JavaScript function can cause the browser to access\na memory address no longer mapped to the Flash module, resulting in a\ncrash. This crash could be used by an attacker to run arbitrary code\non a victim's computer.Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2392", "scoring_system": "epss", "scoring_elements": "0.96119", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470867", "reference_id": "470867", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013", "reference_id": "CVE-2008-5013", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-49", "reference_id": "mfsa2008-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5013" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxm-91q8-37de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2395?format=api", "vulnerability_id": "VCID-7q2k-463k-ryg1", "summary": "Security researchers Jordi Chancel and Eddy\nBordi reported that they could short-circuit page loads to show the\naddress of a different site than what is loaded in the window in the addressbar.\nSecurity researcher Chris McGowen independently reported the\nsame flaw, and further demonstrated that this could lead to loading scripts from\nthe attacker's site, leaving users vulnerable to cross-site scripting (XSS)\nattacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00685", "scoring_system": "epss", "scoring_elements": "0.72001", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815024", "reference_id": "815024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474", "reference_id": "CVE-2012-0474", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-27", "reference_id": "mfsa2012-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0474" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7q2k-463k-ryg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2885?format=api", "vulnerability_id": "VCID-7q63-dfrh-wuh3", "summary": "Security researcher Mario Heiderich reported that\nHTML-encoded entities were being improperly decoded when displayed\ninside SVG elements. This could lead to XSS attacks on sites relying\non HTML encoding of user-supplied content.The inline SVG feature was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2369", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49116", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369", "reference_id": "CVE-2011-2369", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27", "reference_id": "mfsa2011-27", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2369" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7q63-dfrh-wuh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2273?format=api", "vulnerability_id": "VCID-7st2-j9h1-mfdg", "summary": "Mozilla developer Johnny Stenback discovered that several\nmethods of a feature used for testing (DOMWindowUtils) are not protected by\nexisting security checks, allowing these methods to be called through script by\nweb pages. This was addressed by adding the existing security checks to these\nmethods.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75012", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618", "reference_id": "863618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986", "reference_id": "CVE-2012-3986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-77", "reference_id": "mfsa2012-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-77" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3986" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7st2-j9h1-mfdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2204?format=api", "vulnerability_id": "VCID-7vd9-7uht-j3e7", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that XUL <tree> objects could\nbe manipulated such that the setting of certain properties on the\nobject would trigger the removal of the tree from the DOM and cause\ncertain sections of deleted memory to be accessed. In products based on\nGecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer\nthis memory has been overwritten by a value that will cause an\nunexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5,\nThunderbird 3.0, and SeaMonkey 2.0) and older an attacker could\npotentially use this vulnerability to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90265", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3168" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630064", "reference_id": "630064", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168", "reference_id": "CVE-2010-3168", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55", "reference_id": "mfsa2010-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3168" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vd9-7uht-j3e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2575?format=api", "vulnerability_id": "VCID-7vzr-cjqw-c3az", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0345", "scoring_system": "epss", "scoring_elements": "0.87715", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128", "reference_id": "512128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462", "reference_id": "CVE-2009-2462", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2462" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vzr-cjqw-c3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2632?format=api", "vulnerability_id": "VCID-7w8b-kkj8-efg1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0678", "scoring_system": "epss", "scoring_elements": "0.91448", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0353" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483141", "reference_id": "483141", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353", "reference_id": "CVE-2009-0353", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01", "reference_id": "mfsa2009-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0353" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7w8b-kkj8-efg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2626?format=api", "vulnerability_id": "VCID-7xf8-83su-tuet", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03012", "scoring_system": "epss", "scoring_elements": "0.8682", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2664" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618341", "reference_id": "1618341", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664", "reference_id": "CVE-2009-2664", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45", "reference_id": "mfsa2009-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xf8-83su-tuet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2850?format=api", "vulnerability_id": "VCID-83vx-q5b9-pfax", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86512", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375", "reference_id": "CVE-2011-2375", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-83vx-q5b9-pfax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2857?format=api", "vulnerability_id": "VCID-84n5-7t1b-e3de", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG\nimplementation could result in an out-of-bounds memory access if\nSVG elements were removed during a DOMAttrModified event handler.\nThis vulnerability does not affect products prior to Firefox 8\nand SeaMonkey 2.5. Thunderbird 8 users would be vulnerable only if\nusing a browser-like feature that allowed scripts to run; users\nare not at risk while reading mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75876", "scoring_system": "epss", "scoring_elements": "0.98934", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3658" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658", "reference_id": "CVE-2011-3658", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb", "reference_id": "CVE-2011-3658;OSVDB-77953", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-12-056/", "reference_id": "CVE-2011-3658;OSVDB-77953", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-056/" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55", "reference_id": "mfsa2011-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3658" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84n5-7t1b-e3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2851?format=api", "vulnerability_id": "VCID-88qm-sqq1-g3ck", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02371", "scoring_system": "epss", "scoring_elements": "0.85213", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376", "reference_id": "CVE-2011-2376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88qm-sqq1-g3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2229?format=api", "vulnerability_id": "VCID-8ajm-cdtz-gbe6", "summary": "Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80782", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4193" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865215", "reference_id": "865215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193", "reference_id": "CVE-2012-4193", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89", "reference_id": "mfsa2012-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1361", "reference_id": "RHSA-2012:1361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1362", "reference_id": "RHSA-2012:1362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1362" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4193" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ajm-cdtz-gbe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2663?format=api", "vulnerability_id": "VCID-8bcy-rzxv-pbcy", "summary": "Security researcher Gregory Fleischer reported\nthat local resources loaded via the file: protocol can\naccess any domain's cookies which have been saved on a user's machine.\nFleischer demonstrated that a local document's domain was being\ncalculated incorrectly from its URL. If a victim could be persuaded\nto download a malicious file and then open that file in their browser,\nthe malicious file could then steal arbitrary cookies from the\nvictim's computer. Due to the interaction required for this attack,\nthe severity of the issue was determined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.81704", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503576", "reference_id": "503576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835", "reference_id": "CVE-2009-1835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26", "reference_id": "mfsa2009-26", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bcy-rzxv-pbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2363?format=api", "vulnerability_id": "VCID-8c5a-phhj-6kek", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02745", "scoring_system": "epss", "scoring_elements": "0.86233", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3970" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922", "reference_id": "851922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970", "reference_id": "CVE-2012-3970", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3970" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c5a-phhj-6kek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2191?format=api", "vulnerability_id": "VCID-8dat-6cwu-cbfh", "summary": "Security researcher Paul Stone reported that a\nbrowser applet could be used to turn a simple mouse click into a\ndrag-and-drop action, potentially resulting in the unintended loading\nof resources in a user's browser. This behavior could be used twice\nin succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL\non top of the same document resulting in arbitrary script execution\nwith chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87843", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578154", "reference_id": "578154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178", "reference_id": "CVE-2010-0178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20", "reference_id": "mfsa2010-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0178" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dat-6cwu-cbfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2200?format=api", "vulnerability_id": "VCID-8djv-agez-ekdf", "summary": "Security researcher Marc Schoenefeld reported that\na specially crafted font could be applied to a document and cause a\ncrash on Mac systems. The crash showed signs of memory corruption and\npresumably could be used by an attacker to execute arbitrary code on a\nvictim's computer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86663", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770", "reference_id": "CVE-2010-2770", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58", "reference_id": "mfsa2010-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2770" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8djv-agez-ekdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2190?format=api", "vulnerability_id": "VCID-8f9d-wjv2-8kfj", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03507", "scoring_system": "epss", "scoring_elements": "0.87824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578147", "reference_id": "578147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174", "reference_id": "CVE-2010-0174", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16", "reference_id": "mfsa2010-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0174" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8f9d-wjv2-8kfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88952?format=api", "vulnerability_id": "VCID-8gvs-b724-9yfd", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71187", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-6961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gvs-b724-9yfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2171?format=api", "vulnerability_id": "VCID-8j92-vm1q-kqbk", "summary": "Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random(). Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user. This additional variant is\nidentified as CVE-2010-3171.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63115", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938", "reference_id": "480938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913", "reference_id": "CVE-2008-5913", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33", "reference_id": "mfsa2010-33", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5913" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8j92-vm1q-kqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2231?format=api", "vulnerability_id": "VCID-8qn7-4rcc-v7bx", "summary": "Security researcher vsemozhetbyt reported that when the\nDOMParser is used to parse text/html data in a Firefox extension, linked\nresources within this HTML data will be loaded. If the data being parsed in the\nextension is untrusted, it could lead to information leakage and can\npotentially be combined with other attacks to become exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76332", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851929", "reference_id": "851929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975", "reference_id": "CVE-2012-3975", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68", "reference_id": "mfsa2012-68", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3975" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qn7-4rcc-v7bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2627?format=api", "vulnerability_id": "VCID-8sxb-49bw-g3fn", "summary": "Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way. This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page. An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84152", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546722", "reference_id": "546722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984", "reference_id": "CVE-2009-3984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69", "reference_id": "mfsa2009-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sxb-49bw-g3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2825?format=api", "vulnerability_id": "VCID-8x81-ek8m-rbbh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17825", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980", "reference_id": "CVE-2011-2980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8x81-ek8m-rbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2290?format=api", "vulnerability_id": "VCID-8zph-aky5-aycp", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77552", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877945", "reference_id": "877945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838", "reference_id": "CVE-2012-5838", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5838" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zph-aky5-aycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2268?format=api", "vulnerability_id": "VCID-94h3-jftn-tqg2", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01532", "scoring_system": "epss", "scoring_elements": "0.81622", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5843" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877613", "reference_id": "877613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843", "reference_id": "CVE-2012-5843", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91", "reference_id": "mfsa2012-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5843" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94h3-jftn-tqg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2336?format=api", "vulnerability_id": "VCID-94xc-pjbs-ckar", "summary": "Mozilla community member Ms2ger found an image rendering\nissue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects.\nThis can lead to a crash on a maliciously crafted web page. While there is no\nevidence that this is directly exploitable, there is a possibility of remote\ncode execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73509", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815037", "reference_id": "815037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478", "reference_id": "CVE-2012-0478", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-30", "reference_id": "mfsa2012-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0478" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94xc-pjbs-ckar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2372?format=api", "vulnerability_id": "VCID-99nn-nb21-pyaz", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01275", "scoring_system": "epss", "scoring_elements": "0.79855", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614", "reference_id": "863614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982", "reference_id": "CVE-2012-3982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-74", "reference_id": "mfsa2012-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99nn-nb21-pyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2308?format=api", "vulnerability_id": "VCID-9bde-enk3-9kbq", "summary": "Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, writes to\nlocation.hash can be used in concert with scripted history\nnavigation to cause a specific website to be loaded into the history object. The\nbaseURI can then be changed to this stored site, allowing an attacker to inject\na script or intercept posted data posted to a location specified with a relative\npath.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78694", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624", "reference_id": "863624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992", "reference_id": "CVE-2012-3992", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-84", "reference_id": "mfsa2012-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-84" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3992" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9bde-enk3-9kbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2458?format=api", "vulnerability_id": "VCID-9d41-nsk6-sufx", "summary": "Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to\nstore cookie-like information on a user's computer which could later\nbe read by a website. This creates a privacy issue for users who have\na non-standard cookie preference and wish to prevent sites from\nsetting cookies on their machine. Even with cookies turned off, this\nissue could be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions. Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.74898", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5505" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476274", "reference_id": "476274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505", "reference_id": "CVE-2008-5505", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-63", "reference_id": "mfsa2008-63", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5505" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d41-nsk6-sufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2638?format=api", "vulnerability_id": "VCID-9f3w-zp9z-3yc7", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08287", "scoring_system": "epss", "scoring_elements": "0.92369", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982", "reference_id": "CVE-2009-3982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f3w-zp9z-3yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2815?format=api", "vulnerability_id": "VCID-9f45-79mn-3ug8", "summary": "Yosuke Hasegawa reported that the Mozilla browser engine\nmishandled invalid sequences in the Shift-JIS encoding. When encountering an\ninvalid pair Mozilla would turn the entire two-byte sequence into a single\nunknown character rather than an unknown character followed by a valid\nsingle-byte character. On some sites attackers may have been able to\nend their input with the first byte of a two byte sequence; when that\ninput was later put into a page context it might cause the following\ndelimiter (such as a double-quote) to be consumed, breaking the format\nof the page. Depending on the page this could potentially be used to\nsteal data or inject script into the page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56853", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751932", "reference_id": "751932", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648", "reference_id": "CVE-2011-3648", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-47", "reference_id": "mfsa2011-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1438", "reference_id": "RHSA-2011:1438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1440", "reference_id": "RHSA-2011:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1440" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3648" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f45-79mn-3ug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2456?format=api", "vulnerability_id": "VCID-9fbv-p14w-quch", "summary": "Security researcher Chris Evans reported an error\nin the method used to parse the default namespace in an E4X document.\nThe error was caused by quote characters in the namespace not being\nproperly escaped. The severity of this issue was determined to be\nlow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07219", "scoring_system": "epss", "scoring_elements": "0.91734", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5024" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470902", "reference_id": "470902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024", "reference_id": "CVE-2008-5024", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-58", "reference_id": "mfsa2008-58", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5024" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fbv-p14w-quch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2631?format=api", "vulnerability_id": "VCID-9k9z-m4gr-gkc6", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08533", "scoring_system": "epss", "scoring_elements": "0.92509", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483139", "reference_id": "483139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352", "reference_id": "CVE-2009-0352", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01", "reference_id": "mfsa2009-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0352" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9k9z-m4gr-gkc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2590?format=api", "vulnerability_id": "VCID-9km7-m142-abbt", "summary": "Mozilla security researchers Jesse Ruderman\nand Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body. An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03024", "scoring_system": "epss", "scoring_elements": "0.86853", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168", "reference_id": "530168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376", "reference_id": "CVE-2009-3376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62", "reference_id": "mfsa2009-62", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9km7-m142-abbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2788?format=api", "vulnerability_id": "VCID-9qs9-ys17-v3bg", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700617", "reference_id": "700617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074", "reference_id": "CVE-2011-0074", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qs9-ys17-v3bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2165?format=api", "vulnerability_id": "VCID-9ubz-x94a-w3dr", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27259", "scoring_system": "epss", "scoring_elements": "0.96485", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576698", "reference_id": "576698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167", "reference_id": "CVE-2010-0167", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt", "reference_id": "CVE-2010-0167;OSVDB-63267", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt" }, { "reference_url": "https://www.securityfocus.com/bid/38944/info", "reference_id": "CVE-2010-0167;OSVDB-63267", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38944/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0167" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ubz-x94a-w3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2879?format=api", "vulnerability_id": "VCID-9xyn-fzdn-3qen", "summary": "Security researcher Zach Hoffman reported that a\nrecursive call to eval() wrapped in\na try/catch statement places the browser into a\ninconsistent state. Any dialog box opened in this state is displayed\nwithout text and with non-functioning buttons. Closing the window\ncauses the dialog to evaluate to true. An attacker could use this\nissue to force a user into accepting any dialog, such as one granting\nelevated privileges to the page presenting the dialog.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76695", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675087", "reference_id": "675087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051", "reference_id": "CVE-2011-0051", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02", "reference_id": "mfsa2011-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0312", "reference_id": "RHSA-2011:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0051" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyn-fzdn-3qen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2345?format=api", "vulnerability_id": "VCID-a1hg-12wv-a7h5", "summary": "Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87797", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615", "reference_id": "877615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202", "reference_id": "CVE-2012-4202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92", "reference_id": "mfsa2012-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1hg-12wv-a7h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2649?format=api", "vulnerability_id": "VCID-a23w-uvk3-d7g8", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0585", "scoring_system": "epss", "scoring_elements": "0.9069", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381", "reference_id": "CVE-2009-3381", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3381" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a23w-uvk3-d7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2481?format=api", "vulnerability_id": "VCID-a28h-p654-8bgm", "summary": "Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84185", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463246", "reference_id": "463246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463246" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067", "reference_id": "CVE-2008-4067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44", "reference_id": "mfsa2008-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a28h-p654-8bgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2186?format=api", "vulnerability_id": "VCID-a2pm-eupm-dfaq", "summary": "Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content. This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons.This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80044", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580", "reference_id": "586580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182", "reference_id": "CVE-2010-0182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24", "reference_id": "mfsa2010-24", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2pm-eupm-dfaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2420?format=api", "vulnerability_id": "VCID-a59b-rr52-b3hs", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17422", "scoring_system": "epss", "scoring_elements": "0.9518", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470883", "reference_id": "470883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017", "reference_id": "CVE-2008-5017", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5017" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a59b-rr52-b3hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2377?format=api", "vulnerability_id": "VCID-a6uw-zff3-n3e6", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79623", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938", "reference_id": "CVE-2012-1938", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1938" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6uw-zff3-n3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2426?format=api", "vulnerability_id": "VCID-a85v-byy9-vqf7", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02287", "scoring_system": "epss", "scoring_elements": "0.84962", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4064" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463204", "reference_id": "463204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064", "reference_id": "CVE-2008-4064", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4064" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a85v-byy9-vqf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2315?format=api", "vulnerability_id": "VCID-a89m-g6m7-tqbr", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87451", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1972" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972", "reference_id": "CVE-2012-1972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a89m-g6m7-tqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2662?format=api", "vulnerability_id": "VCID-a8hd-tfek-8yfa", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04708", "scoring_system": "epss", "scoring_elements": "0.89536", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1305" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256", "reference_id": "496256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305", "reference_id": "CVE-2009-1305", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1305" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8hd-tfek-8yfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2142?format=api", "vulnerability_id": "VCID-a97g-r4rk-sqb3", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04334", "scoring_system": "epss", "scoring_elements": "0.89085", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804", "reference_id": "590804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200", "reference_id": "CVE-2010-1200", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1200" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a97g-r4rk-sqb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=api", "vulnerability_id": "VCID-a9xv-yc56-c3ca", "summary": "Using the Address Sanitizer tool, Mozilla security researcher\nChristoph Diehl discovered two memory corruption issues\ninvolving the Graphite 2 library used in Mozilla products. Both of these issues\ncan cause a potentially exploitable crash. These problems were fixed in the\nGraphite 2 library, which has been updated for Mozilla products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03136", "scoring_system": "epss", "scoring_elements": "0.87099", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851923", "reference_id": "851923", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971", "reference_id": "CVE-2012-3971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64", "reference_id": "mfsa2012-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9xv-yc56-c3ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2150?format=api", "vulnerability_id": "VCID-aa94-6k3c-gua9", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05442", "scoring_system": "epss", "scoring_elements": "0.90311", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576391", "reference_id": "576391", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576391" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163", "reference_id": "CVE-2010-0163", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0163" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aa94-6k3c-gua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2130?format=api", "vulnerability_id": "VCID-aejk-rng6-r3dj", "summary": "Mozilla developer Josh Soref of Nokia reported that\ndocuments failed to call certain security checks when attempting to\npreload images. Although the image content is not available to the page, it\nis possible to specify protocols that are normally not allowed in a web page\nsuch as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something like a\nCross-Site Request Forgery (CSRF) attack against the add-on. Potential severity\nwould depend on the add-ons installed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12288", "scoring_system": "epss", "scoring_elements": "0.93978", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168", "reference_id": "CVE-2010-0168", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html", "reference_id": "CVE-2010-0168;OSVDB-63269", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html" }, { "reference_url": "https://www.securityfocus.com/bid/38927/info", "reference_id": "CVE-2010-0168;OSVDB-63269", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38927/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13", "reference_id": "mfsa2010-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0168" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aejk-rng6-r3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2601?format=api", "vulnerability_id": "VCID-af65-mt6s-m7gm", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87139", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687", "reference_id": "521687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071", "reference_id": "CVE-2009-3071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-af65-mt6s-m7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74261?format=api", "vulnerability_id": "VCID-ag3v-an3r-dkhn", "summary": "firefox 3.5 various flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11193", "scoring_system": "epss", "scoring_elements": "0.93616", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html", "reference_id": "OSVDB-55931;CVE-2009-2479", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2479" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ag3v-an3r-dkhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2337?format=api", "vulnerability_id": "VCID-aj7f-gyqy-c7d2", "summary": "Security researcher Collin Jackson reported a violation of\nthe HTML5 specifications for document.domain behavior. Specified\nbehavior requires pages to only have access to windows in a new\ndocument.domain but the observed violation allowed pages to retain\naccess to windows from the page's initial origin in addition to the new\ndocument.domain. This could potentially lead to cross-site\nscripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.76347", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863617", "reference_id": "863617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985", "reference_id": "CVE-2012-3985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-76", "reference_id": "mfsa2012-76", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-76" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aj7f-gyqy-c7d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2360?format=api", "vulnerability_id": "VCID-an8x-4b2f-cket", "summary": "Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01959", "scoring_system": "epss", "scoring_elements": "0.83793", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616", "reference_id": "877616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201", "reference_id": "CVE-2012-4201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93", "reference_id": "mfsa2012-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an8x-4b2f-cket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2309?format=api", "vulnerability_id": "VCID-and6-s8wt-rkfc", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. This can cause a crash during decoding and has\nthe potential for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08973", "scoring_system": "epss", "scoring_elements": "0.92732", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197", "reference_id": "664197", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026", "reference_id": "786026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444", "reference_id": "CVE-2012-0444", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07", "reference_id": "mfsa2012-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0136", "reference_id": "RHSA-2012:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0136" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" }, { "reference_url": "https://usn.ubuntu.com/1370-1/", "reference_id": "USN-1370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1370-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0444" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-and6-s8wt-rkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2367?format=api", "vulnerability_id": "VCID-ane4-965q-wfh8", "summary": "Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. \nAdditional vulnerable DLL file names were found and fixed in Firefox 18.0, Firefox ESR 17.0.1, and Firefox ESR 10.0.12 releases.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37402", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206", "reference_id": "CVE-2012-4206", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98", "reference_id": "mfsa2012-98", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ane4-965q-wfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2473?format=api", "vulnerability_id": "VCID-ap5q-gg9g-43fb", "summary": "Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03669", "scoring_system": "epss", "scoring_elements": "0.88092", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463189", "reference_id": "463189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837", "reference_id": "CVE-2008-3837", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-40", "reference_id": "mfsa2008-40", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-3837" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ap5q-gg9g-43fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88949?format=api", "vulnerability_id": "VCID-arxf-63u9-bbhw", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06763", "scoring_system": "epss", "scoring_elements": "0.91438", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2671" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html", "reference_id": "CVE-2007-2671;OSVDB-35700", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html" }, { "reference_url": "https://www.securityfocus.com/bid/23747/info", "reference_id": "CVE-2007-2671;OSVDB-35700", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/23747/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2007-2671" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arxf-63u9-bbhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2817?format=api", "vulnerability_id": "VCID-asue-vdvw-47b4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02496", "scoring_system": "epss", "scoring_elements": "0.85566", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730518", "reference_id": "730518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982", "reference_id": "CVE-2011-2982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1165", "reference_id": "RHSA-2011:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1167", "reference_id": "RHSA-2011:1167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1167" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-asue-vdvw-47b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2266?format=api", "vulnerability_id": "VCID-atd3-6j8b-4ygt", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97981", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188", "reference_id": "CVE-2012-4188", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4188" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atd3-6j8b-4ygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2264?format=api", "vulnerability_id": "VCID-atww-ctz6-23fg", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97981", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4186" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186", "reference_id": "CVE-2012-4186", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4186" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atww-ctz6-23fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2648?format=api", "vulnerability_id": "VCID-auq4-xkn6-3fc9", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0364", "scoring_system": "epss", "scoring_elements": "0.8804", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3380" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567", "reference_id": "530567", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380", "reference_id": "CVE-2009-3380", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-auq4-xkn6-3fc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2599?format=api", "vulnerability_id": "VCID-avuv-znfu-wff5", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05238", "scoring_system": "epss", "scoring_elements": "0.90108", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521684", "reference_id": "521684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069", "reference_id": "CVE-2009-3069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avuv-znfu-wff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2404?format=api", "vulnerability_id": "VCID-awgw-xs6s-pufr", "summary": "Mozilla developer Boris Zbarsky reported that XBL\n bindings could be used to read data from other domains, a violation\n of the same-origin policy. The severity of this issue was determined\n to be moderate due to several mitigating factors:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79504", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5503" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476272", "reference_id": "476272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503", "reference_id": "CVE-2008-5503", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-61", "reference_id": "mfsa2008-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5503" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awgw-xs6s-pufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2368?format=api", "vulnerability_id": "VCID-ax4n-ycz1-2kfk", "summary": "Security Researcher Matt McCutchen reported that a\nclickjacking attack using the certificate warning page. A man-in-the-middle\n(MITM) attacker can use an iframe to display its own certificate error warning\npage (about:certerror) with the \"Add Exception\" button of a real warning page\nfrom a malicious site. This can mislead users to adding a certificate exception\nfor a different site than the perceived one. This can lead to compromised\ncommunications with the user perceived site through the MITM attack once the\ncertificate exception has been added.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00901", "scoring_system": "epss", "scoring_elements": "0.76022", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222", "reference_id": "840222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964", "reference_id": "CVE-2012-1964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54", "reference_id": "mfsa2012-54", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1964" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax4n-ycz1-2kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2197?format=api", "vulnerability_id": "VCID-aykv-pwdn-rkb6", "summary": "Mozilla developers identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02476", "scoring_system": "epss", "scoring_elements": "0.85525", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047", "reference_id": "566047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159", "reference_id": "CVE-2010-0159", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01", "reference_id": "mfsa2010-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0159" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aykv-pwdn-rkb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2887?format=api", "vulnerability_id": "VCID-azf5-cjq7-6uc1", "summary": "Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81939", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002", "reference_id": "CVE-2011-3002", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41", "reference_id": "mfsa2011-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3002" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azf5-cjq7-6uc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2642?format=api", "vulnerability_id": "VCID-azu7-x774-kfdz", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07679", "scoring_system": "epss", "scoring_elements": "0.92024", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488272", "reference_id": "488272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771", "reference_id": "CVE-2009-0771", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0771" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azu7-x774-kfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2581?format=api", "vulnerability_id": "VCID-b31y-7bzb-9ufb", "summary": "Security researcher Jeremy Brown reported that the\nfile naming scheme used for downloading a file which already exists in\nthe downloads folder is predictable. If an attacker had local access\nto a victim's computer and knew the name of a file the victim intended\nto open through the Download Manager, he could use this vulnerability\nto place a malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it. Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3376", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815", "reference_id": "524815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274", "reference_id": "CVE-2009-3274", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53", "reference_id": "mfsa2009-53", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3274" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b31y-7bzb-9ufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2217?format=api", "vulnerability_id": "VCID-b3p1-qqys-9udq", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0276", "scoring_system": "epss", "scoring_elements": "0.8626", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443", "reference_id": "CVE-2012-0443", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01", "reference_id": "mfsa2012-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0443" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3p1-qqys-9udq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2364?format=api", "vulnerability_id": "VCID-b7t8-kqn7-jfcm", "summary": "Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08531", "scoring_system": "epss", "scoring_elements": "0.92508", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=872753", "reference_id": "872753", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190", "reference_id": "CVE-2012-4190", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88", "reference_id": "mfsa2012-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4190" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7t8-kqn7-jfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2333?format=api", "vulnerability_id": "VCID-bb7c-gufb-ybat", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75549", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1970" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851909", "reference_id": "851909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970", "reference_id": "CVE-2012-1970", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1970" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bb7c-gufb-ybat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2287?format=api", "vulnerability_id": "VCID-bc4u-zpu7-bbgx", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75362", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830", "reference_id": "CVE-2012-5830", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5830" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bc4u-zpu7-bbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2854?format=api", "vulnerability_id": "VCID-bcbh-azrk-fqe7", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.These vulnerabilities did not affect the older browser engine used\nprior to Firefox 4.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88535", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660", "reference_id": "CVE-2011-3660", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53", "reference_id": "mfsa2011-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3660" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcbh-azrk-fqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2609?format=api", "vulnerability_id": "VCID-bdw1-fw83-q7ac", "summary": "Security researcher Guido Landi discovered that a\nXSL stylesheet could be used to crash the browser during a XSL\ntransformation. An attacker could potentially use this crash to run\narbitrary code on a victim's computer.This vulnerability was also previously reported as a stability\nproblem by Ubuntu community member, Andre. Ubuntu\ncommunity member Michael Rooney reported Andre's\nfindings to Mozilla, and Mozilla community member Martin\nhelped reduce Andre's original testcase and contributed a patch to fix\nthe vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37495", "scoring_system": "epss", "scoring_elements": "0.9726", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=492211", "reference_id": "492211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169", "reference_id": "CVE-2009-1169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-12", "reference_id": "mfsa2009-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-12" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt", "reference_id": "OSVDB-53079;CVE-2009-1169", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0397", "reference_id": "RHSA-2009:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0398", "reference_id": "RHSA-2009:0398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0398" }, { "reference_url": "https://usn.ubuntu.com/745-1/", "reference_id": "USN-745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdw1-fw83-q7ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2835?format=api", "vulnerability_id": "VCID-beyj-rs2t-8kgv", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nan internal privilege check failed to respect the NoWaiverWrappers introduced\nwith Firefox 4. This could result in elevated privilege being granted to web content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00939", "scoring_system": "epss", "scoring_elements": "0.76544", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655", "reference_id": "CVE-2011-3655", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-52", "reference_id": "mfsa2011-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-52" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3655" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-beyj-rs2t-8kgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2170?format=api", "vulnerability_id": "VCID-bez8-mm4d-pqf3", "summary": "Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random(). Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user. This additional variant is\nidentified as CVE-2010-3171.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08698", "scoring_system": "epss", "scoring_elements": "0.92607", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171", "reference_id": "CVE-2010-3171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c", "reference_id": "CVE-2010-3171;OSVDB-53341", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c" }, { "reference_url": "https://www.securityfocus.com/bid/43222/info", "reference_id": "CVE-2010-3171;OSVDB-53341", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/43222/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33", "reference_id": "mfsa2010-33", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bez8-mm4d-pqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2664?format=api", "vulnerability_id": "VCID-bf3g-e7fs-t3g4", "summary": "Bjoern Hoehrmann and security researcher Moxie\nMarlinspike independently reported\nthat Unicode box drawing characters were allowed in Internationalized\nDomain Names (IDN) where they could be visually confused with\npunctuation used in valid web addresses. This could be combined with\na phishing-type scam to trick a victim into thinking they were on a\ndifferent website than they actually were.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02133", "scoring_system": "epss", "scoring_elements": "0.84459", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0652" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=486704", "reference_id": "486704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652", "reference_id": "CVE-2009-0652", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-15", "reference_id": "mfsa2009-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0652" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf3g-e7fs-t3g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2181?format=api", "vulnerability_id": "VCID-bgku-whvs-rkdg", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the fix\nfor CVE-2010-0179\ncould be circumvented permitting the execution of arbitrary JavaScript\nwith chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77786", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660435", "reference_id": "660435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773", "reference_id": "CVE-2010-3773", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3773" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgku-whvs-rkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2597?format=api", "vulnerability_id": "VCID-bhha-rf3c-dkdn", "summary": "Mozilla security researcher Georgi Guninski\nreported that a website could use nsIRDFService and a\ncross-domain redirect to steal arbitrary XML data from another domain,\na violation of the same-origin policy. This vulnerability could be\nused by a malicious website to steal private data from users\nauthenticated to the redirected website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00865", "scoring_system": "epss", "scoring_elements": "0.75427", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488290", "reference_id": "488290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776", "reference_id": "CVE-2009-0776", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-09", "reference_id": "mfsa2009-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhha-rf3c-dkdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2212?format=api", "vulnerability_id": "VCID-bhv2-kaa4-u3hr", "summary": "A memory corruption flaw leading to code execution was reported by\nsecurity researcher Nils of MWR InfoSecurity during the\n2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative.\nBy moving DOM nodes between documents Nils found a case where the moved\nnode incorrectly retained its old scope. If garbage collection could\nbe triggered at the right time then Firefox would later use this freed\nobject.The contest winning exploit only affects Firefox 3.6\nand not earlier versions.Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and\nThunderbird 3.0 based on earlier versions of the browser\nengine were patched just in case there\nis an alternate way of triggering the underlying flaw.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0465", "scoring_system": "epss", "scoring_elements": "0.89465", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1121" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029", "reference_id": "577029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121", "reference_id": "CVE-2010-1121", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-25", "reference_id": "mfsa2010-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1121" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhv2-kaa4-u3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2136?format=api", "vulnerability_id": "VCID-bkqh-bg7u-mug1", "summary": "Microsoft Vulnerability Research reported that two\nplugin instances could interact in a way in which one plugin gets a\nreference to an object owned by a second plugin and continues to hold\nthat reference after the second plugin is unloaded and its object is\ndestroyed. In these cases, the first plugin would contain a pointer\nto freed memory which, if accessed, could be used by an attacker to\nexecute arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05287", "scoring_system": "epss", "scoring_elements": "0.90154", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1198" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828", "reference_id": "590828", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198", "reference_id": "CVE-2010-1198", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-28", "reference_id": "mfsa2010-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1198" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkqh-bg7u-mug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2339?format=api", "vulnerability_id": "VCID-bmcs-22gj-nbeq", "summary": "Security researcher Frédéric Hoguin reported two related\nissues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)\nformat files. When processing a negative \"height\" header value for the bitmap\nimage, a memory corruption can be induced, allowing an attacker to write random\nmemory and cause a crash. This crash may be potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03664", "scoring_system": "epss", "scoring_elements": "0.88084", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851918", "reference_id": "851918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966", "reference_id": "CVE-2012-3966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61", "reference_id": "mfsa2012-61", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmcs-22gj-nbeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2344?format=api", "vulnerability_id": "VCID-bqd9-snzc-b7fj", "summary": "An integer overflow in the libpng library can lead to a heap-buffer\noverflow when decompressing certain PNG images. This leads to a\ncrash, which may be potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43757", "scoring_system": "epss", "scoring_elements": "0.97586", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3026" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=790737", "reference_id": "790737", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026", "reference_id": "CVE-2011-3026", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-15" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-11", "reference_id": "mfsa2012-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0140", "reference_id": "RHSA-2012:0140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0141", "reference_id": "RHSA-2012:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0142", "reference_id": "RHSA-2012:0142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0143", "reference_id": "RHSA-2012:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0317", "reference_id": "RHSA-2012:0317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0317" }, { "reference_url": "https://usn.ubuntu.com/1367-1/", "reference_id": "USN-1367-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-1/" }, { "reference_url": "https://usn.ubuntu.com/1367-2/", "reference_id": "USN-1367-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-2/" }, { "reference_url": "https://usn.ubuntu.com/1367-3/", "reference_id": "USN-1367-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-3/" }, { "reference_url": "https://usn.ubuntu.com/1367-4/", "reference_id": "USN-1367-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3026" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqd9-snzc-b7fj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2578?format=api", "vulnerability_id": "VCID-brj2-m46s-5yb8", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05821", "scoring_system": "epss", "scoring_elements": "0.90662", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136", "reference_id": "512136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466", "reference_id": "CVE-2009-2466", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2466" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brj2-m46s-5yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2343?format=api", "vulnerability_id": "VCID-bs5a-44n6-tug1", "summary": "Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03834", "scoring_system": "epss", "scoring_elements": "0.88353", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877633", "reference_id": "877633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210", "reference_id": "CVE-2012-4210", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-104", "reference_id": "mfsa2012-104", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bs5a-44n6-tug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80811?format=api", "vulnerability_id": "VCID-bt4y-zzfb-3kbc", "summary": "Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05951", "scoring_system": "epss", "scoring_elements": "0.90784", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html", "reference_id": "CVE-2009-2044;OSVDB-56471", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html" }, { "reference_url": "https://www.securityfocus.com/bid/35280/info", "reference_id": "CVE-2009-2044;OSVDB-56471", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35280/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt4y-zzfb-3kbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2787?format=api", "vulnerability_id": "VCID-bv7y-5uve-5ffk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.8564", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0080" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700677", "reference_id": "700677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080", "reference_id": "CVE-2011-0080", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0080" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bv7y-5uve-5ffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2300?format=api", "vulnerability_id": "VCID-bvph-4hqk-u3ah", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.8511", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5840" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840", "reference_id": "CVE-2012-5840", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5840" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvph-4hqk-u3ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2888?format=api", "vulnerability_id": "VCID-bw9h-t8jr-zfac", "summary": "Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01512", "scoring_system": "epss", "scoring_elements": "0.81504", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003", "reference_id": "CVE-2011-3003", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41", "reference_id": "mfsa2011-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3003" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bw9h-t8jr-zfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2621?format=api", "vulnerability_id": "VCID-c141-m4yb-zkf3", "summary": "Security researcher David James reported that a\ncontent window which is opened by a chrome window retains a reference\nto the chrome window via the window.opener property. Using\nthis reference, content in the new window can access functions \ninside the chrome window, such as eval, and use these\nfunctions to run arbitrary JavaScript code with chrome privileges. In\na stock Mozilla browser a remote attacker can not cause these application\ndialogs to appear nor to automatically load the attack code that takes advantage\nof this flaw in window.opener. There may be add-ons which open\npotentially hostile web-content in this way, and combined with such an add-on the\nseverity of this flaw could be upgraded to Critical.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01982", "scoring_system": "epss", "scoring_elements": "0.83867", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724", "reference_id": "546724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986", "reference_id": "CVE-2009-3986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70", "reference_id": "mfsa2009-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3986" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c141-m4yb-zkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2323?format=api", "vulnerability_id": "VCID-c3mx-m2ka-s7fm", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03932", "scoring_system": "epss", "scoring_elements": "0.88521", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3959" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959", "reference_id": "CVE-2012-3959", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3959" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3mx-m2ka-s7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2644?format=api", "vulnerability_id": "VCID-c6uk-gmwa-87e8", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.92818", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488276", "reference_id": "488276", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773", "reference_id": "CVE-2009-0773", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0773" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6uk-gmwa-87e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2208?format=api", "vulnerability_id": "VCID-c7cm-h81n-6fhj", "summary": "Security researcher Martin Barbella reported via\nTippingPoint's Zero Day Initiative that an XSLT node sorting routine\ncontained an integer overflow vulnerability. In cases where one of\nthe nodes to be sorted contained a very large text value, the integer\nused to allocate a memory buffer to store its value would overflow,\nresulting in too small a buffer being created. An attacker could use\nthis vulnerability to write data past the end of the buffer, causing\nthe browser to crash and potentially running arbitrary code on a\nvictim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42703", "scoring_system": "epss", "scoring_elements": "0.97535", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833", "reference_id": "590833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199", "reference_id": "CVE-2010-1199", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py", "reference_id": "CVE-2010-1199", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt", "reference_id": "CVE-2010-1199;OSVDB-65744", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41082/info", "reference_id": "CVE-2010-1199;OSVDB-65744", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/41082/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-30", "reference_id": "mfsa2010-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1199" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7cm-h81n-6fhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2174?format=api", "vulnerability_id": "VCID-c81m-9s68-zbgx", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88399", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3176" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "reference_id": "642272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176", "reference_id": "CVE-2010-3176", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3176" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c81m-9s68-zbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2205?format=api", "vulnerability_id": "VCID-cats-tmkd-pbf3", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.87292", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630055", "reference_id": "630055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169", "reference_id": "CVE-2010-3169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-49", "reference_id": "mfsa2010-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cats-tmkd-pbf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2594?format=api", "vulnerability_id": "VCID-cb3n-ay7x-aff4", "summary": "Security researcher Takehiro Takahashi of the IBM\nX-Force reported that Mozilla's NTLM implementation was vulnerable to\nreflection attacks in which NTLM credentials from one application\ncould be forwarded to another arbitrary application via the browser.\nIf an attacker could get a user to visit a web page he controlled he\ncould force NTLM authenticated requests to be forwarded to another\napplication on behalf of the user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71528", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720", "reference_id": "546720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983", "reference_id": "CVE-2009-3983", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68", "reference_id": "mfsa2009-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3983" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cb3n-ay7x-aff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2464?format=api", "vulnerability_id": "VCID-cd4g-54yc-bqhd", "summary": "Perl developer Chip Salzenberg reported that\ncertain control characters, when placed at the beginning of a URL,\nwould lead to incorrect parsing resulting in a malformed URL being\noutput by the parser. IBM researchers Justin Schuh,\nTom Cross, and Peter William also\nreported a related symptom as part of their research that resulted in\nMFSA 2008-37.\n\nThere was no direct security impact from this issue and its effect\nwas limited to the improper rendering of hyperlinks containing\nspecific characters. The severity of this issue was determined to be\nlow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02182", "scoring_system": "epss", "scoring_elements": "0.8463", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5508" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476281", "reference_id": "476281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508", "reference_id": "CVE-2008-5508", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-66", "reference_id": "mfsa2008-66", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5508" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cd4g-54yc-bqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2789?format=api", "vulnerability_id": "VCID-cfnb-jsaa-a3g2", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700615", "reference_id": "700615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075", "reference_id": "CVE-2011-0075", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0075" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfnb-jsaa-a3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2151?format=api", "vulnerability_id": "VCID-chve-znmf-w7at", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06395", "scoring_system": "epss", "scoring_elements": "0.91162", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691", "reference_id": "521691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075", "reference_id": "CVE-2009-3075", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3075" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chve-znmf-w7at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2317?format=api", "vulnerability_id": "VCID-ckwu-zacg-d3bj", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87451", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1974" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974", "reference_id": "CVE-2012-1974", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1974" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckwu-zacg-d3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2450?format=api", "vulnerability_id": "VCID-ct5t-awyq-8udv", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77475", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5511" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476285", "reference_id": "476285", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511", "reference_id": "CVE-2008-5511", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68", "reference_id": "mfsa2008-68", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5511" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ct5t-awyq-8udv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2647?format=api", "vulnerability_id": "VCID-ctgf-gs1u-wygc", "summary": "An anonymous researcher, via TippingPoint's Zero Day Initiative\nprogram, reported a vulnerability in Mozilla's garbage collection\nprocess. The vulnerability was caused by improper memory management\nof a set of cloned XUL DOM elements which were linked as a parent and\nchild. After reloading the browser on a page with such linked\nelements, the browser would crash when attempting to access an object\nwhich was already destroyed. An attacker could use this crash to run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06585", "scoring_system": "epss", "scoring_elements": "0.91304", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488287", "reference_id": "488287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775", "reference_id": "CVE-2009-0775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-08", "reference_id": "mfsa2009-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctgf-gs1u-wygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2576?format=api", "vulnerability_id": "VCID-cv76-zkt8-87e3", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17716", "scoring_system": "epss", "scoring_elements": "0.95225", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512133", "reference_id": "512133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464", "reference_id": "CVE-2009-2464", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt", "reference_id": "CVE-2009-2464;OSVDB-56229", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35775/info", "reference_id": "CVE-2009-2464;OSVDB-56229", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35775/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2464" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cv76-zkt8-87e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2806?format=api", "vulnerability_id": "VCID-cyed-u483-qbg3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90963", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988", "reference_id": "CVE-2011-2988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyed-u483-qbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88961?format=api", "vulnerability_id": "VCID-czbz-3q9u-e3dy", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0068" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czbz-3q9u-e3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2828?format=api", "vulnerability_id": "VCID-d18j-gp7z-kyfd", "summary": "Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62765", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741917", "reference_id": "741917", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372", "reference_id": "CVE-2011-2372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40", "reference_id": "mfsa2011-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2372" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d18j-gp7z-kyfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2650?format=api", "vulnerability_id": "VCID-d2bp-jqx3-9kb3", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15845", "scoring_system": "epss", "scoring_elements": "0.94852", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530569", "reference_id": "530569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382", "reference_id": "CVE-2009-3382", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html", "reference_id": "CVE-2009-3382;OSVDB-59384", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html" }, { "reference_url": "https://www.securityfocus.com/bid/36866/info", "reference_id": "CVE-2009-3382;OSVDB-59384", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/36866/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3382" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2bp-jqx3-9kb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2433?format=api", "vulnerability_id": "VCID-d964-8bnu-7qdb", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03767", "scoring_system": "epss", "scoring_elements": "0.88236", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5502" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476269", "reference_id": "476269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502", "reference_id": "CVE-2008-5502", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5502" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d964-8bnu-7qdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88953?format=api", "vulnerability_id": "VCID-d9m2-xqje-s7am", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15887", "scoring_system": "epss", "scoring_elements": "0.94859", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1828" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html", "reference_id": "OSVDB-56406;CVE-2009-1828", "reference_type": "exploit", "scores": [], "url": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt", "reference_id": "OSVDB-56406;CVE-2009-1828", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1828" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9m2-xqje-s7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2635?format=api", "vulnerability_id": "VCID-d9xx-kdwq-6fgg", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05076", "scoring_system": "epss", "scoring_elements": "0.89939", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3979" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694", "reference_id": "546694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979", "reference_id": "CVE-2009-3979", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3979" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9xx-kdwq-6fgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2668?format=api", "vulnerability_id": "VCID-dcjk-caxq-a3g3", "summary": "Security researcher Orlando Berrera of Sec Theory\nreported that recursive creation of JavaScript web-workers can be used\nto create a set of objects whose memory could be freed prior to their\nuse. These conditions often result in a crash which could potentially\nbe used by an attacker to run arbitrary code on a victim's\ncomputer.Web Workers were introduced in Firefox 3.5 so this\nvulnerability did not affect earlier releases such as Firefox 3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02682", "scoring_system": "epss", "scoring_elements": "0.86092", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371", "reference_id": "CVE-2009-3371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54", "reference_id": "mfsa2009-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3371" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dcjk-caxq-a3g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2167?format=api", "vulnerability_id": "VCID-depk-81ux-wua9", "summary": "Security researcher Nils of MWR InfoSecurity\nreported that the routine for setting the text value for certain types\nof DOM nodes contained an integer overflow vulnerability. When a very\nlong string was passed to this routine, the integer value used in\ncreating a new memory buffer to hold the string would overflow,\nresulting in too small a buffer being allocated. An attacker could\nuse this vulnerability to write data past the end of the buffer,\ncausing a crash and potentially running arbitrary code on a victim's\ncomputer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05226", "scoring_system": "epss", "scoring_elements": "0.90094", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830", "reference_id": "590830", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196", "reference_id": "CVE-2010-1196", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-29", "reference_id": "mfsa2010-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1196" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-depk-81ux-wua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2855?format=api", "vulnerability_id": "VCID-desa-fpt9-8qaa", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a method used\nby JSON.stringify contained a use-after-free error in\nwhich a currently in-use pointer was freed and subsequently\ndereferenced. This could lead to arbitrary code execution if an\nattacker was able to store malicious code in the freed section of\nmemory.Mozilla developer Igor Bukanov also independently\ndiscovered and reported this issue two weeks after the initial\nreport was received.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87577", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675090", "reference_id": "675090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055", "reference_id": "CVE-2011-0055", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03", "reference_id": "mfsa2011-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0055" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-desa-fpt9-8qaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2340?format=api", "vulnerability_id": "VCID-dfx3-vhn9-fkbh", "summary": "Security researcher Bill Keese reported a memory corruption.\nThis is caused by JSDependentString::undepend changing a dependent string into a\nfixed string when there are additional dependent strings relying on the same\nbase. When the undepend occurs during conversion, the base data is freed,\nleaving other dependent strings with dangling pointers. This can lead to a\npotentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.87612", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215", "reference_id": "840215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962", "reference_id": "CVE-2012-1962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52", "reference_id": "mfsa2012-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1962" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfx3-vhn9-fkbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2883?format=api", "vulnerability_id": "VCID-dk9z-4a47-67g9", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat it was possible for a non-whitelisted site to trigger an install\ndialog for add-ons and themes.This vulnerability was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54353", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370", "reference_id": "CVE-2011-2370", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-28", "reference_id": "mfsa2011-28", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-28" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2370" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk9z-4a47-67g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2319?format=api", "vulnerability_id": "VCID-dnur-7qxp-g7g1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03172", "scoring_system": "epss", "scoring_elements": "0.87157", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976", "reference_id": "CVE-2012-1976", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1976" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnur-7qxp-g7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2382?format=api", "vulnerability_id": "VCID-dwfw-frsy-tfcr", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01161", "scoring_system": "epss", "scoring_elements": "0.78906", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461", "reference_id": "CVE-2012-0461", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0461" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwfw-frsy-tfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2441?format=api", "vulnerability_id": "VCID-dzph-njyd-1qeu", "summary": "Security researcher Liu Die Yu of\nTopsecTianRongXin reported that locally saved .url shortcut files\ncould be used to read information stored in the local cache. An\nattacker could use this vulnerability to steal information from a\nvictim's browser cache if they were able to get the victim to download\ntwo separate files, a .url shortcut and a HTML file. Given the\nrelative complexity of this attack, the severity of the issue was\ndetermined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.3558", "scoring_system": "epss", "scoring_elements": "0.97145", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4582" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470903", "reference_id": "470903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582", "reference_id": "CVE-2008-4582", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html", "reference_id": "CVE-2008-4582;OSVDB-49073", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html" }, { "reference_url": "https://www.securityfocus.com/bid/31611/info", "reference_id": "CVE-2008-4582;OSVDB-49073", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/31611/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-47", "reference_id": "mfsa2008-47", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-47" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4582" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzph-njyd-1qeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2157?format=api", "vulnerability_id": "VCID-e1zc-uz7j-vqgf", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that code used to normalize a\ndocument contained a logical flaw that could be leveraged to run\narbitrary code. When the normalization code ran, a static count of\nthe document's child nodes was used in the traversal, so a page could\nbe constructed that would remove DOM nodes during this normalization\nwhich could lead to the accessing of a deleted object and potentially\nthe execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90088", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630069", "reference_id": "630069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766", "reference_id": "CVE-2010-2766", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57", "reference_id": "mfsa2010-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2766" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1zc-uz7j-vqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2589?format=api", "vulnerability_id": "VCID-e2zn-rn59-gyfv", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the BrowserFeedWriter could be leveraged to run\nJavaScript code from web content with elevated privileges. Using this\nvulnerability, an attacker could construct an object containing\nmalicious JavaScript and cause the FeedWriter to process the object,\nrunning the malicious code with chrome privileges.Thunderbird does not support\nthe BrowserFeedWriter object and is not vulnerable in its\ndefault configuration. Thunderbird might be vulnerable if the user has\ninstalled any add-on which adds a similarly implemented feature and\nthen enables JavaScript in mail messages. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0151", "scoring_system": "epss", "scoring_elements": "0.81493", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695", "reference_id": "521695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079", "reference_id": "CVE-2009-3079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51", "reference_id": "mfsa2009-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2zn-rn59-gyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2286?format=api", "vulnerability_id": "VCID-e5dd-61fv-efe7", "summary": "Mozilla community member Matias Juntunen discovered an error\nin WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments\nfrom FindMaxUshortElement. This bug causes maximum index to be computed\nincorrectly within WebGL.drawElements, allowing the reading of illegal video\nmemory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72599", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0473" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815023", "reference_id": "815023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473", "reference_id": "CVE-2012-0473", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-26", "reference_id": "mfsa2012-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0473" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5dd-61fv-efe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2291?format=api", "vulnerability_id": "VCID-e8gx-6nqq-xbcx", "summary": "Security researcher Simone Fabiano reported that if a\ncross-site XHR or WebSocket is opened on a web server on a non-standard port for\nweb traffic while using an IPv6 address, the browser will send an ambiguous\norigin headers if the IPv6 address contains at least 2 consecutive 16-bit fields\nof zeroes. If there is an origin access control list that uses IPv6 literals,\nthis issue could be used to bypass these access controls on the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52566", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0475" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187", "reference_id": "815187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475", "reference_id": "CVE-2012-0475", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-28", "reference_id": "mfsa2012-28", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-28" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0475" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8gx-6nqq-xbcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2265?format=api", "vulnerability_id": "VCID-e921-wz2n-cycp", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20011", "scoring_system": "epss", "scoring_elements": "0.95575", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187", "reference_id": "CVE-2012-4187", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4187" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e921-wz2n-cycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2834?format=api", "vulnerability_id": "VCID-ea8w-cmzd-hqan", "summary": "Security researcher Soroush Dalili reported that\nthe resource: protocol could be exploited to allow directory traversal\non Windows and the potential loading of resources from non-permitted\nlocations. The impact would depend on whether interesting files existed\nin predictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01674", "scoring_system": "epss", "scoring_elements": "0.8245", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635", "reference_id": "700635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071", "reference_id": "CVE-2011-0071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16", "reference_id": "mfsa2011-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8w-cmzd-hqan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2241?format=api", "vulnerability_id": "VCID-ec9h-nv75-tkc6", "summary": "Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.\nUpdate October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73308", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912", "reference_id": "851912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956", "reference_id": "CVE-2012-1956", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59", "reference_id": "mfsa2012-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1956" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec9h-nv75-tkc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2324?format=api", "vulnerability_id": "VCID-eftp-v3k7-xkct", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85041", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960", "reference_id": "CVE-2012-3960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3960" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eftp-v3k7-xkct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2121?format=api", "vulnerability_id": "VCID-embn-ntxv-73bh", "summary": "Mozilla developer Justin Dolske reported that the new\nasynchronous Authorization Prompt (HTTP username and password) was not\nalways attached to the correct window. Although we have not\ndemonstrated this, it may be possible for a malicious page to convince\na user to open a new tab or popup to a trusted service and then have\nthe HTTP authorization prompt from the malicious page appear to be\nthe login prompt for the trusted page. This potential attack is greatly\nmitigated by the fact that very few web sites use HTTP authorization,\npreferring instead to use web forms and cookies.This issue does not affect older versions of Firefox or\nproducts based on the Mozilla browser engine, such as Thunderbird and\nSeaMonkey, using an older version of the engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67741", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172", "reference_id": "CVE-2010-0172", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15", "reference_id": "mfsa2010-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0172" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-embn-ntxv-73bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2307?format=api", "vulnerability_id": "VCID-ermf-rt9s-duhy", "summary": "Mozilla developer Bobby Holley found that same-compartment\nsecurity wrappers (SCSW) can be bypassed by passing them to another compartment.\nCross-compartment wrappers often do not go through SCSW, but have a filtering\npolicy built into them. When an object is wrapped cross-compartment, the SCSW is\nstripped off and, when the object is read read back, it is not known that SCSW\nwas previously present, resulting in a bypassing of SCSW. This could result in\nuntrusted content having access to the XBL that implements browser\nfunctionality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.7643", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1959" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212", "reference_id": "840212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959", "reference_id": "CVE-2012-1959", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49", "reference_id": "mfsa2012-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1959" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ermf-rt9s-duhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2783?format=api", "vulnerability_id": "VCID-ess5-nmfb-kygw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06848", "scoring_system": "epss", "scoring_elements": "0.91493", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079", "reference_id": "CVE-2011-0079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ess5-nmfb-kygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2310?format=api", "vulnerability_id": "VCID-ez55-uvz6-gfh8", "summary": "Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, calls to history.forward and\nhistory.back are used to navigate to a site while displaying the previous site\nin the addressbar but changing the baseURI to the newer site. This can be used\nfor phishing by allowing the user to input form or other data on the newer,\nattacking, site while appearing to be on the older, displayed site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02583", "scoring_system": "epss", "scoring_elements": "0.85821", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1955" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206", "reference_id": "840206", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955", "reference_id": "CVE-2012-1955", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45", "reference_id": "mfsa2012-45", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1955" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ez55-uvz6-gfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2882?format=api", "vulnerability_id": "VCID-f5qs-usvq-7ygn", "summary": "Security researcher Roberto Suggi Liverani\nreported that ParanoidFragmentSink, a class used to\nsanitize potentially unsafe HTML for display,\nallows javascript: URLs and other inline JavaScript when\nthe embedding document is a chrome document. While there are no\nunsafe uses of this class in any released products, extension code\ncould have potentially used it in an unsafe manner.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01466", "scoring_system": "epss", "scoring_elements": "0.81198", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675094", "reference_id": "675094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585", "reference_id": "CVE-2010-1585", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08", "reference_id": "mfsa2011-08", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5qs-usvq-7ygn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2168?format=api", "vulnerability_id": "VCID-f7b5-ehbj-m7eq", "summary": "Google security researcher Michal Zalewski\nreported that when a window was opened to a site resulting in a\nnetwork or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content. An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually\nwere.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77452", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660438", "reference_id": "660438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774", "reference_id": "CVE-2010-3774", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-83", "reference_id": "mfsa2010-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3774" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7b5-ehbj-m7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2417?format=api", "vulnerability_id": "VCID-fj5e-3c6k-2qc7", "summary": "Security researcher David Bloom reported that the\nbrowser's session restore feature can be used to violate the\nsame-origin policy and run JavaScript in the context of another site.\nAny otherwise unexploitable crash can be used to force the user into the\nsession restore state Mozilla security researcher moz_bug_r_a4 demonstrated that\nthis vulnerability could also be used by an attacker to run arbitrary\nJavaScript with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12823", "scoring_system": "epss", "scoring_elements": "0.9414", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5019" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470889", "reference_id": "470889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019", "reference_id": "CVE-2008-5019", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-53", "reference_id": "mfsa2008-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5019" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fj5e-3c6k-2qc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2218?format=api", "vulnerability_id": "VCID-fjd2-qz3j-quct", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0442", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01441", "scoring_system": "epss", "scoring_elements": "0.81034", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0442" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785085", "reference_id": "785085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442", "reference_id": "CVE-2012-0442", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01", "reference_id": "mfsa2012-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0084", "reference_id": "RHSA-2012:0084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0085", "reference_id": "RHSA-2012:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0085" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0442" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjd2-qz3j-quct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2877?format=api", "vulnerability_id": "VCID-fjza-kzrj-h7bf", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08632", "scoring_system": "epss", "scoring_elements": "0.92563", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654", "reference_id": "CVE-2011-3654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjza-kzrj-h7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2813?format=api", "vulnerability_id": "VCID-fkcd-dn21-k3aa", "summary": "Alex Miller reported that when very long strings\nwere constructed and inserted into an HTML document, the browser would\nincorrectly construct the layout objects used to display the text.\nUnder such conditions an incorrect length would be calculated for a\ntext run resulting in too small of a memory buffer being allocated to\nstore the text. This issue could be used by an attacker to write data\npast the end of the buffer and execute malicious code on a victim's\ncomputer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07784", "scoring_system": "epss", "scoring_elements": "0.92084", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675143", "reference_id": "675143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058", "reference_id": "CVE-2011-0058", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07", "reference_id": "mfsa2011-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0058" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fkcd-dn21-k3aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2175?format=api", "vulnerability_id": "VCID-fm6v-97ps-qkb1", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.87292", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "reference_id": "642275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175", "reference_id": "CVE-2010-3175", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3175" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fm6v-97ps-qkb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2381?format=api", "vulnerability_id": "VCID-fmxb-m3xe-y7hd", "summary": "Anne van Kesteren of Opera Software found a \nmulti-octet encoding issue where certain octets will destroy the following\noctets in the processing of some multibyte character sets. This can leave users\nvulnerable to cross-site scripting (XSS) attacks on maliciously crafted web\npages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72828", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815021", "reference_id": "815021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471", "reference_id": "CVE-2012-0471", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-24", "reference_id": "mfsa2012-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0471" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmxb-m3xe-y7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2279?format=api", "vulnerability_id": "VCID-fnqu-d93p-nyht", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05001", "scoring_system": "epss", "scoring_elements": "0.89858", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1954" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954", "reference_id": "CVE-2012-1954", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1954" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnqu-d93p-nyht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2469?format=api", "vulnerability_id": "VCID-fshd-5yva-8yc8", "summary": "Justin Schuh of the IBM X-Force reported a flaw in\nthe way Mozilla parses the http-index-format MIME type. By sending a\nspecially crafted 200 header line in the HTTP index response, an\nattacker can cause the browser to crash and run arbitrary code on the\nvictim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14498", "scoring_system": "epss", "scoring_elements": "0.94558", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470892", "reference_id": "470892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470892" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017", "reference_id": "CVE-2008-0017", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-54", "reference_id": "mfsa2008-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-0017" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fshd-5yva-8yc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2276?format=api", "vulnerability_id": "VCID-fu4j-atx7-p3by", "summary": "Mozilla community member Alice White reported that when the\nGetProperty function is invoked through JSAPI, security checking\ncan be bypassed when getting cross-origin properties. This potentially allowed\nfor arbitrary code execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80889", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3991" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621", "reference_id": "863621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991", "reference_id": "CVE-2012-3991", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-81", "reference_id": "mfsa2012-81", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-81" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3991" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fu4j-atx7-p3by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2272?format=api", "vulnerability_id": "VCID-fw1w-z9qg-2uef", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00964", "scoring_system": "epss", "scoring_elements": "0.76846", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196", "reference_id": "CVE-2012-4196", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", "reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4196" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fw1w-z9qg-2uef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71457?format=api", "vulnerability_id": "VCID-fwc9-m2qd-eua6", "summary": "firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47519", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=761550", "reference_id": "761550", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761550" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-4688" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwc9-m2qd-eua6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2657?format=api", "vulnerability_id": "VCID-fwmk-3y43-hyhv", "summary": "Andrej Andolsek reported that when Firefox\nreceives a reply from a SOCKS5 proxy which contains a DNS name longer\nthan 15 characters, the subsequent data stream in the response can\nbecome corrupted. There was no evidence of memory corruption,\nhowever, and the severity of the issue was determined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86034", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145", "reference_id": "512145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470", "reference_id": "CVE-2009-2470", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-38", "reference_id": "mfsa2009-38", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2470" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwmk-3y43-hyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2293?format=api", "vulnerability_id": "VCID-g214-2v75-dfd2", "summary": "Security researchers Mario Gomes and Soroush\nDalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.79324", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840225", "reference_id": "840225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965", "reference_id": "CVE-2012-1965", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-55", "reference_id": "mfsa2012-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g214-2v75-dfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2349?format=api", "vulnerability_id": "VCID-g2cj-8shy-uqcc", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06289", "scoring_system": "epss", "scoring_elements": "0.91078", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1941" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941", "reference_id": "CVE-2012-1941", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1941" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2cj-8shy-uqcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2115?format=api", "vulnerability_id": "VCID-g7fv-ggv2-aqhn", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. This reference could subsequently be accessed, potentially\ncausing the execution of attacker controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01551", "scoring_system": "epss", "scoring_elements": "0.8172", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615458", "reference_id": "615458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208", "reference_id": "CVE-2010-1208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35", "reference_id": "mfsa2010-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7fv-ggv2-aqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2198?format=api", "vulnerability_id": "VCID-g8pv-awkj-5bh8", "summary": "Security researcher echo reported that a web page\ncould open a window with an about:blank location and then inject an\n<isindex> element into that page which upon submission would\nredirect to a chrome: document. The effect of this defect was that\nthe original page would wind up with a reference to a\nchrome-privileged object, the opened window, which could be leveraged\nfor privilege escalation attacks.Mozilla security researcher moz_bug_r_a4 provided\nproof-of-concept code demonstrating how the above vulnerability could\nbe used to run arbitrary code with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02236", "scoring_system": "epss", "scoring_elements": "0.84816", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660417", "reference_id": "660417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771", "reference_id": "CVE-2010-3771", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-76", "reference_id": "mfsa2010-76", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-76" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3771" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8pv-awkj-5bh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2237?format=api", "vulnerability_id": "VCID-g8ty-gg8e-nug5", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03504", "scoring_system": "epss", "scoring_elements": "0.87816", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4181" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181", "reference_id": "CVE-2012-4181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ty-gg8e-nug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2298?format=api", "vulnerability_id": "VCID-g9e6-nygw-wydy", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04114", "scoring_system": "epss", "scoring_elements": "0.88792", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4216" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216", "reference_id": "CVE-2012-4216", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4216" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g9e6-nygw-wydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2370?format=api", "vulnerability_id": "VCID-gb3u-y5z4-hyb7", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a use-after-free in the IME State Manager code. This could lead to a\npotentially exploitable crash. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90885", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628", "reference_id": "863628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990", "reference_id": "CVE-2012-3990", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-87", "reference_id": "mfsa2012-87", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-87" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3990" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gb3u-y5z4-hyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70733?format=api", "vulnerability_id": "VCID-gch6-jznq-jqfs", "summary": "Mozilla: SPDY information disclosure (MFSA 2012-73)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=859827", "reference_id": "859827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859827" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3977" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gch6-jznq-jqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2159?format=api", "vulnerability_id": "VCID-gesr-3egw-kydd", "summary": "Google security researcher Chris Evans reported\nthat data can be read across domains by injecting bogus CSS selectors\ninto a target site and then retrieving the data using JavaScript APIs.\nIf an attacker can inject opening and closing portions of a CSS\nselector into points A and B of a target page, then the region between\nthe two injection points becomes readable to JavaScript through, for\nexample, the getComputedStyle() API.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.7241", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=568231", "reference_id": "568231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654", "reference_id": "CVE-2010-0654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46", "reference_id": "mfsa2010-46", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gesr-3egw-kydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2651?format=api", "vulnerability_id": "VCID-gm28-kdg7-bbgm", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05615", "scoring_system": "epss", "scoring_elements": "0.90464", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383", "reference_id": "CVE-2009-3383", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3383" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gm28-kdg7-bbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2280?format=api", "vulnerability_id": "VCID-gqcx-9dd1-y7ev", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01416", "scoring_system": "epss", "scoring_elements": "0.80869", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953", "reference_id": "CVE-2012-1953", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1953" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqcx-9dd1-y7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2669?format=api", "vulnerability_id": "VCID-gsqx-hgzq-77a3", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat it is possible to create a document whose URI does not match the\ndocument's principal using XMLHttpRequest. This type of\nmismatch leads to incorrect results in principal-based security\nchecks. An attacker could use this vulnerability to execute arbitrary\nJavaScript within the context of another site.moz_bug_r_a4 separately reported\nthat XPCNativeWrapper.toString's\n__proto__ comes from the wrong scope which results in\ncalls to that function being executed in the wrong context in certain\ncircumstances. An attacker could use this vulnerability to run\narbitrary code within the context of a different site. Alternatively,\nif chrome were to call content.toString.call(), then\nattacker-defined functions could be run with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01757", "scoring_system": "epss", "scoring_elements": "0.82906", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1309" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267", "reference_id": "496267", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309", "reference_id": "CVE-2009-1309", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-19", "reference_id": "mfsa2009-19", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1309" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqx-hgzq-77a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2152?format=api", "vulnerability_id": "VCID-h14f-dndv-g3db", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89595", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688", "reference_id": "521688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072", "reference_id": "CVE-2009-3072", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3072" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h14f-dndv-g3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88948?format=api", "vulnerability_id": "VCID-h2c2-87br-k7h9", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2007-2436" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2c2-87br-k7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2169?format=api", "vulnerability_id": "VCID-h2zb-y8qu-rkhm", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a nsDOMAttribute\nnode can be modified without informing the iterator object responsible\nfor various DOM traversals. This flaw could lead to a inconsistent\nstate where the iterator points to an object it believes is part of\nthe DOM but actually points to some other object. If such an object\nhad been deleted and its memory reclaimed by the system, then the\niterator could be used to call into attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07145", "scoring_system": "epss", "scoring_elements": "0.91681", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660429", "reference_id": "660429", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766", "reference_id": "CVE-2010-3766", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-80", "reference_id": "mfsa2010-80", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-80" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3766" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2zb-y8qu-rkhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2881?format=api", "vulnerability_id": "VCID-h32a-d7jh-m7dq", "summary": "Security researcher Aki Helin reported a potentially\nexploitable crash in the YARR regular expression library used by JavaScript.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07734", "scoring_system": "epss", "scoring_elements": "0.92054", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232", "reference_id": "CVE-2011-3232", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-42", "reference_id": "mfsa2011-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-42" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3232" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h32a-d7jh-m7dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2369?format=api", "vulnerability_id": "VCID-h3nn-6nww-fubf", "summary": "Security researcher Karthikeyan Bhargavan of Prosecco at\nINRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP\nviolation reports generated by Firefox and sent to the \"report-uri\" location\ninclude sensitive data within the \"blocked-uri\" parameter. These include\nfragment components and query strings even if the \"blocked-uri\" parameter has a\ndifferent origin than the protected resource. This can be used to retrieve a\nuser's OAuth 2.0 access tokens and OpenID credentials by malicious sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01487", "scoring_system": "epss", "scoring_elements": "0.81339", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1963" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220", "reference_id": "840220", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963", "reference_id": "CVE-2012-1963", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53", "reference_id": "mfsa2012-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3nn-6nww-fubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2238?format=api", "vulnerability_id": "VCID-h632-fbq3-uqh5", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04752", "scoring_system": "epss", "scoring_elements": "0.89599", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182", "reference_id": "CVE-2012-4182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h632-fbq3-uqh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2341?format=api", "vulnerability_id": "VCID-hb8p-k984-2bbb", "summary": "Security researcher David Bloom of Cue discovered that\n<select> elements are always-on-top chromeless windows and\nthat navigation away from a page with an active <select> menu\ndoes not remove this window.When another menu is opened programmatically on a\nnew page, the original <select> menu can be retained and\narbitrary HTML content within it rendered, allowing an attacker to cover\narbitrary portions of the new page through absolute positioning/scrolling,\nleading to spoofing attacks. Security researcher Jordi Chancel\nfound a variation that would allow for click-jacking attacks was well.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01951", "scoring_system": "epss", "scoring_elements": "0.83758", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616", "reference_id": "863616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984", "reference_id": "CVE-2012-3984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-75", "reference_id": "mfsa2012-75", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-75" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hb8p-k984-2bbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2166?format=api", "vulnerability_id": "VCID-hcjp-8k4f-fuhf", "summary": "Security researcher Alexander Miller reported that\npassing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22551", "scoring_system": "epss", "scoring_elements": "0.95941", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "reference_id": "642277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179", "reference_id": "CVE-2010-3179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html", "reference_id": "CVE-2010-3179;OSVDB-68850", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html" }, { "reference_url": "https://www.securityfocus.com/bid/44247/info", "reference_id": "CVE-2010-3179;OSVDB-68850", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/44247/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-65", "reference_id": "mfsa2010-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3179" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcjp-8k4f-fuhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2832?format=api", "vulnerability_id": "VCID-hdy1-ad14-9bdr", "summary": "Daniel Kozlowski reported that a\nJavaScript Worker could be used to keep a reference to an\nobject that could be freed during garbage collection. Subsequent\ncalls through this deleted reference could cause attacker-controlled\nmemory to be executed on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88543", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675093", "reference_id": "675093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057", "reference_id": "CVE-2011-0057", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06", "reference_id": "mfsa2011-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0057" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdy1-ad14-9bdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2311?format=api", "vulnerability_id": "VCID-heem-dnwk-ufby", "summary": "Google developer Tony Payne reported an out of bounds (OOB)\nread in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67977", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840213", "reference_id": "840213", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960", "reference_id": "CVE-2012-1960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50", "reference_id": "mfsa2012-50", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1960" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-heem-dnwk-ufby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2622?format=api", "vulnerability_id": "VCID-hfwt-3n83-8yaz", "summary": "Security researcher Prateek Saxena reported that a\nmalicious MozSearch plugin could be created using a javascript: URI in\nthe SearchForm value. This URI is used as the default\nlanding page when an empty search is performed. If an attacker could\nget a user to install the malicious plugin and perform an empty\nsearch, the SearchForm javascript: URI would be executed\nwithin the context of the currently open page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75342", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1310" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496270", "reference_id": "496270", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310", "reference_id": "CVE-2009-1310", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-20", "reference_id": "mfsa2009-20", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1310" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfwt-3n83-8yaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2846?format=api", "vulnerability_id": "VCID-hm86-1bfs-uub7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67968", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990", "reference_id": "CVE-2011-2990", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2990" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm86-1bfs-uub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2144?format=api", "vulnerability_id": "VCID-hnqn-9dyg-fyaf", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06167", "scoring_system": "epss", "scoring_elements": "0.90964", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810", "reference_id": "590810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202", "reference_id": "CVE-2010-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnqn-9dyg-fyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2282?format=api", "vulnerability_id": "VCID-hpes-a26j-eubg", "summary": "magicant starmen reported that if a user chooses to\nexport their Firefox Sync key the \"Firefox Recovery Key.html\" file is\nsaved with incorrect permissions, making the file contents potentially\nreadable by other users on Linux and OS X systems.\nFirefox 3.6 is not affected by this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21751", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450", "reference_id": "CVE-2012-0450", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09", "reference_id": "mfsa2012-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0450" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpes-a26j-eubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2790?format=api", "vulnerability_id": "VCID-hq8b-hhzz-zyag", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700613", "reference_id": "700613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077", "reference_id": "CVE-2011-0077", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0077" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq8b-hhzz-zyag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71605?format=api", "vulnerability_id": "VCID-hs89-asjt-xqdy", "summary": "nss: /pkcs11.txt and /secmod.db files read on initialization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56923", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614", "reference_id": "647614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=748379", "reference_id": "748379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=748379" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3640" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs89-asjt-xqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2209?format=api", "vulnerability_id": "VCID-huw3-d12r-6yb5", "summary": "Security researcher Yosuke Hasegawa reported that\nthe Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could\nbe used by an attacker to steal information from other sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40141", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1213" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615471", "reference_id": "615471", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213", "reference_id": "CVE-2010-1213", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42", "reference_id": "mfsa2010-42", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1213" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huw3-d12r-6yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2614?format=api", "vulnerability_id": "VCID-hvvv-dc2z-r7ed", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03284", "scoring_system": "epss", "scoring_elements": "0.87404", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743", "reference_id": "552743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378", "reference_id": "CVE-2009-3378", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvvv-dc2z-r7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2603?format=api", "vulnerability_id": "VCID-hw8a-1fyr-5uda", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06345", "scoring_system": "epss", "scoring_elements": "0.91124", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690", "reference_id": "521690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074", "reference_id": "CVE-2009-3074", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hw8a-1fyr-5uda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2791?format=api", "vulnerability_id": "VCID-hx1c-5urc-q7ar", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700603", "reference_id": "700603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078", "reference_id": "CVE-2011-0078", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0078" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hx1c-5urc-q7ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2141?format=api", "vulnerability_id": "VCID-hxra-yff9-r3fr", "summary": "Mozilla developer Daniel Holbert reported that the\nfix to the plugin parameter array crash that was fixed in Firefox\n3.6.7 caused a crash showing signs of memory corruption. In certain\ncircumstances, properties in the plugin instance's parameter array\ncould be freed prematurely leaving a dangling pointer that the plugin\ncould execute, potentially calling into attacker-controlled\nmemory.Firefox 3.5.11 was also affected by the regression\nbut the equivalent pointer was always initialized to NULL and \nnot exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10163", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=617657", "reference_id": "617657", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=617657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755", "reference_id": "CVE-2010-2755", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-48", "reference_id": "mfsa2010-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0556", "reference_id": "RHSA-2010:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0557", "reference_id": "RHSA-2010:0557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0558", "reference_id": "RHSA-2010:0558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0558" }, { "reference_url": "https://usn.ubuntu.com/930-6/", "reference_id": "USN-930-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-6/" }, { "reference_url": "https://usn.ubuntu.com/957-2/", "reference_id": "USN-957-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2755" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxra-yff9-r3fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78386?format=api", "vulnerability_id": "VCID-j2cc-ej51-4fat", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66281", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5822" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5822" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2cc-ej51-4fat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2375?format=api", "vulnerability_id": "VCID-j2te-qzzx-kkay", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85328", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000", "reference_id": "815000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467", "reference_id": "CVE-2012-0467", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20", "reference_id": "mfsa2012-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0467" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2te-qzzx-kkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2884?format=api", "vulnerability_id": "VCID-j5hf-agzm-8bfj", "summary": "Mozilla developer Bas Schouten reported that the\nintroduction of the \"Azure\" graphics back-end on Windows in Firefox 7\nre-introduced the cross-origin data theft issue reported by\nnasalislarvatus3000 as described in \nMFSA 2011-29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49748", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649", "reference_id": "CVE-2011-3649", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-50", "reference_id": "mfsa2011-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-50" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3649" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5hf-agzm-8bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2612?format=api", "vulnerability_id": "VCID-j86k-vcuv-5uhe", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07", "scoring_system": "epss", "scoring_elements": "0.91594", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3377" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531770", "reference_id": "531770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377", "reference_id": "CVE-2009-3377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j86k-vcuv-5uhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2886?format=api", "vulnerability_id": "VCID-jh6n-bau7-byhg", "summary": "Mozilla developer Boris Zbarsky reported that a frame\nnamed \"location\" could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the frame\nwas created. Because some plugins use the value of window.location to determine\nthe page origin this could fool the plugin into granting the plugin content\naccess to another site or the local file system in violation of the Same Origin\nPolicy. This flaw allows circumvention of the fix added for\nMFSA 2010-10.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72835", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2999" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741904", "reference_id": "741904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999", "reference_id": "CVE-2011-2999", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-38", "reference_id": "mfsa2011-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1343", "reference_id": "RHSA-2011:1343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1344", "reference_id": "RHSA-2011:1344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1344" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2999" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6n-bau7-byhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2447?format=api", "vulnerability_id": "VCID-jhgh-37q6-17fm", "summary": "Security researcher Billy Hoffman discovered a bug in the XBM decoder that allowed random small chunks of uninitialized memory to be read. The severity of this bug was low and did not appear to cause any memory corruption.Firefox 3 is not affected by this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80007", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463251", "reference_id": "463251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463251" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069", "reference_id": "CVE-2008-4069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-45", "reference_id": "mfsa2008-45", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhgh-37q6-17fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2192?format=api", "vulnerability_id": "VCID-jjg5-q8kj-yyg9", "summary": "Security researcher Eduardo Vela Nava reported that\nif a web page opened a new window and used a javascript: URL to make a\nmodal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another web site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.75272", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "reference_id": "642294", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178", "reference_id": "CVE-2010-3178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-69", "reference_id": "mfsa2010-69", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3178" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjg5-q8kj-yyg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2306?format=api", "vulnerability_id": "VCID-jjza-54cz-9kcg", "summary": "Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a\ndata: URL. In this issue, context menu functionality (\"View Image\", \"Show only this frame\", and \"View background image\") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01351", "scoring_system": "epss", "scoring_elements": "0.80397", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840207", "reference_id": "840207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966", "reference_id": "CVE-2012-1966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-46", "reference_id": "mfsa2012-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjza-54cz-9kcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2624?format=api", "vulnerability_id": "VCID-jkjk-6r2p-jbcu", "summary": "Mozilla developer Blake Kaplan reported\nthat setTimeout, when called with certain object\nparameters which should be protected with\na XPCNativeWrapper, will fail to keep the object wrapped\nwhen compiling the new function to be executed. If chrome privileged\ncode were to call setTimeout using this as\nan argument, the this object will lose its wrapper and\ncould be unsafely accessed by chrome code. An attacker could use such\nvulnerable code to run arbitrary JavaScript with chrome\nprivileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02113", "scoring_system": "epss", "scoring_elements": "0.8439", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512146", "reference_id": "512146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471", "reference_id": "CVE-2009-2471", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-39", "reference_id": "mfsa2009-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2471" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkjk-6r2p-jbcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2451?format=api", "vulnerability_id": "VCID-jkxv-jgzt-yue7", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04686", "scoring_system": "epss", "scoring_elements": "0.8951", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5512" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476287", "reference_id": "476287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512", "reference_id": "CVE-2008-5512", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68", "reference_id": "mfsa2008-68", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5512" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkxv-jgzt-yue7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2118?format=api", "vulnerability_id": "VCID-jn2a-9g3e-pqc4", "summary": "Google security researcher Michal Zalewski\nreported that focus() could be used to change a user's\ncursor focus while they are typing, potentially directing their\nkeyboard input to an unintended location. This behavior was also\npresent across origins when content from one domain was embedded\nwithin another via an iframe. A malicious web page could use this\nbehavior to steal keystrokes from a victim while they were typing\nsensitive information such as a password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02114", "scoring_system": "epss", "scoring_elements": "0.84391", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1125" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584", "reference_id": "577584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125", "reference_id": "CVE-2010-1125", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-31", "reference_id": "mfsa2010-31", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1125" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jn2a-9g3e-pqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88956?format=api", "vulnerability_id": "VCID-jrca-ffpb-yuhd", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.5353", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2065" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2065" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrca-ffpb-yuhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2643?format=api", "vulnerability_id": "VCID-junk-cvrr-h3ey", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07324", "scoring_system": "epss", "scoring_elements": "0.91803", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488273", "reference_id": "488273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772", "reference_id": "CVE-2009-0772", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0772" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-junk-cvrr-h3ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2587?format=api", "vulnerability_id": "VCID-jx4t-39du-9khz", "summary": "Mozilla add-on developer and community member Wladimir\nPalant reported that content-loading policies were not\nchecked before loading external script files into XUL documents.\nThe severity of this problem would depend on the reasons behind the\ncontent policy check, which include privacy from \"web bugs\" in\nThunderbird mail messages, blocking of Ads and Ad-server tracking\nin AdBlock Plus.The original version of this advisory incorrectly claimed\nthat NoScript protection could by bypassed; NoScript was unaffected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80651", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1840" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503582", "reference_id": "503582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503582" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840", "reference_id": "CVE-2009-1840", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31", "reference_id": "mfsa2009-31", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1840" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jx4t-39du-9khz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78391?format=api", "vulnerability_id": "VCID-jy4c-hf8h-zbg3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10859", "scoring_system": "epss", "scoring_elements": "0.93493", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html", "reference_id": "OSVDB-52657;CVE-2009-0071", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jy4c-hf8h-zbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2471?format=api", "vulnerability_id": "VCID-jzxs-ubpc-kkhq", "summary": "Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed. The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and used in an XSS attack. This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01204", "scoring_system": "epss", "scoring_elements": "0.79244", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4066" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463243", "reference_id": "463243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066", "reference_id": "CVE-2008-4066", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43", "reference_id": "mfsa2008-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4066" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzxs-ubpc-kkhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2658?format=api", "vulnerability_id": "VCID-jzxt-hzwv-a3ay", "summary": "Security researcher Juan Pablo Lopez Yacubian\nreported that the default Windows font used to render the locationbar\nand other text fields was improperly displaying certain Unicode\ncharacters with tall line-height. In such cases the tall line-height\nwould cause the rest of the text in the input field to be scrolled\nvertically out of view. An attacker could use this vulnerability to\nprevent a user from seeing the URL of a malicious site.Corrie Sloot also independently reported this\nissue to Mozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.82725", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694", "reference_id": "521694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078", "reference_id": "CVE-2009-3078", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50", "reference_id": "mfsa2009-50", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3078" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzxt-hzwv-a3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2636?format=api", "vulnerability_id": "VCID-k4bn-xfgy-a3en", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04407", "scoring_system": "epss", "scoring_elements": "0.89178", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980", "reference_id": "CVE-2009-3980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4bn-xfgy-a3en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2591?format=api", "vulnerability_id": "VCID-k6sa-x522-yba2", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15734", "scoring_system": "epss", "scoring_elements": "0.94829", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568", "reference_id": "503568", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392", "reference_id": "CVE-2009-1392", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1392" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6sa-x522-yba2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2277?format=api", "vulnerability_id": "VCID-k7qg-pc6m-3fde", "summary": "Vitaly Nevgen reported that an attacker could replace a\nsub-frame in another domain's document by using the name attribute of the\nsub-frame as a form submission target. This can potentially allow for phishing\nattacks against users and violates the HTML5 frame navigation policy.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67742", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445", "reference_id": "CVE-2012-0445", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03", "reference_id": "mfsa2012-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0445" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qg-pc6m-3fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2271?format=api", "vulnerability_id": "VCID-k8gc-ufm1-9ffn", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00962", "scoring_system": "epss", "scoring_elements": "0.76793", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195", "reference_id": "CVE-2012-4195", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", "reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4195" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8gc-ufm1-9ffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2421?format=api", "vulnerability_id": "VCID-k9js-qqg1-pyfh", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20193", "scoring_system": "epss", "scoring_elements": "0.95605", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470884", "reference_id": "470884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018", "reference_id": "CVE-2008-5018", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5018" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9js-qqg1-pyfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88958?format=api", "vulnerability_id": "VCID-ka4t-w5r8-43hu", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47687", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3400" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ka4t-w5r8-43hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2868?format=api", "vulnerability_id": "VCID-kevz-hbn8-4ybv", "summary": "sczimmer reported a crash when scaling an OGG\n<video> element to extreme sizes.\nFirefox 3.6 is not affected by this vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03707", "scoring_system": "epss", "scoring_elements": "0.88158", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3665" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665", "reference_id": "CVE-2011-3665", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58", "reference_id": "mfsa2011-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3665" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kevz-hbn8-4ybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2219?format=api", "vulnerability_id": "VCID-kkaz-32r9-4fhc", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\narbitrary code execution attack using a javascript: URL. The Gecko\nengine features a JavaScript sandbox utility that allows the browser or add-ons\nto safely execute script in the context of a web page. In certain cases,\njavascript: URLs are executed in such a sandbox with insufficient\ncontext that can allow those scripts to escape from the sandbox and run with\nelevated privilege. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03399", "scoring_system": "epss", "scoring_elements": "0.87615", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259", "reference_id": "840259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967", "reference_id": "CVE-2012-1967", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56", "reference_id": "mfsa2012-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1967" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkaz-32r9-4fhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2596?format=api", "vulnerability_id": "VCID-knbx-h6rk-9qfu", "summary": "Mozilla discovered several bugs in liboggplay which posed potential\nmemory safety issues. The bugs which were fixed could potentially be\nused by an attacker to crash a victim's browser and execute arbitrary\ncode on their computer.Audio and Video capabilities were added to the Mozilla browser\nengine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of\nthese products were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02632", "scoring_system": "epss", "scoring_elements": "0.85943", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=548539", "reference_id": "548539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743", "reference_id": "575743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388", "reference_id": "CVE-2009-3388", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-66", "reference_id": "mfsa2009-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-66" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3388" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knbx-h6rk-9qfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2847?format=api", "vulnerability_id": "VCID-knur-edxh-4ydw", "summary": "Independent security researcher Kuza55 and\nMicrosoft security researcher Tom Gallagher reported\nthat when plugin-initiated requests receive a 307 redirect response,\nthe plugin is not notified and the request is forwarded to the new\nlocation. This is true even for cross-site redirects, so any custom\nheaders that were added as part of the initial request would be\nforwarded intact across origins. This poses a CSRF risk for web\napplications that rely on custom headers only being present in\nrequests from their own origin.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45732", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0059" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=681369", "reference_id": "681369", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059", "reference_id": "CVE-2011-0059", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10", "reference_id": "mfsa2011-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0059" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knur-edxh-4ydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2633?format=api", "vulnerability_id": "VCID-kr3x-4kyw-rbcv", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XPCOM utility XPCVariant::VariantDataToJS\nunwrapped doubly-wrapped objects before returning them to chrome\ncallers. This could result in chrome privileged code calling methods\non an object which had previously been created or modified by web\ncontent, potentially executing malicious JavaScript code with chrome\nprivileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75789", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3374" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530157", "reference_id": "530157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374", "reference_id": "CVE-2009-3374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57", "reference_id": "mfsa2009-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kr3x-4kyw-rbcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2593?format=api", "vulnerability_id": "VCID-ksst-4srh-c3eu", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93322", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570", "reference_id": "503570", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833", "reference_id": "CVE-2009-1833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1833" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksst-4srh-c3eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2199?format=api", "vulnerability_id": "VCID-kts9-w6sz-kkbj", "summary": "Security researcher wushi of team509 reported that\nthe frame construction process for certain types of menus could result\nin a menu containing a pointer to a previously freed menu item.\nDuring the cycle collection process, this freed item could be accessed,\nresulting in the execution of a section of code potentially controlled\nby an attacker.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.90113", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590822", "reference_id": "590822", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183", "reference_id": "CVE-2010-0183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-27", "reference_id": "mfsa2010-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0183" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kts9-w6sz-kkbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2419?format=api", "vulnerability_id": "VCID-kufy-1tyw-4qa2", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21255", "scoring_system": "epss", "scoring_elements": "0.95776", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470881", "reference_id": "470881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016", "reference_id": "CVE-2008-5016", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5016" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kufy-1tyw-4qa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2653?format=api", "vulnerability_id": "VCID-kvaw-h1xw-vuf5", "summary": "Security researchers Adam Barth and Collin\nJackson reported that when a file: resource is\nloaded via the location bar it inherits the principal of the\npreviously loaded document. This vulnerability can potentially give\nthe newly loaded document additional privileges to access the contents\nof other local files that it wouldn't otherwise have permission to read.\nA potential victim would first have to have downloaded the attackers\ndocument to their local machine. Then the victim would have to open another\ndocument in a directory of interest to the attacker before opening the\nattacker's file in the same window.\nPrior to version 3.0, Firefox (like browsers from other\nvendors) treated all local files as having the same origin without\nrestriction. This vulnerability is a partial bypass of the restrictions\nimplemented in Firefox 3.0", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15161", "scoring_system": "epss", "scoring_elements": "0.94708", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503581", "reference_id": "503581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839", "reference_id": "CVE-2009-1839", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html", "reference_id": "CVE-2009-1839;OSVDB-55163", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30", "reference_id": "mfsa2009-30", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1839" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvaw-h1xw-vuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2173?format=api", "vulnerability_id": "VCID-kvg8-pa7m-2bfg", "summary": "Security researcher Richard Moore reported that\nwhen an SSL certificate was created with a common name containing a\nwildcard followed by a partial IP address a valid SSL connection could be\nestablished with a server whose IP address matched the wildcard range\nby browsing directly to the IP address. It is extremely unlikely that\nsuch a certificate would be issued by a Certificate Authority.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.7888", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630047", "reference_id": "630047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170", "reference_id": "CVE-2010-3170", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-70", "reference_id": "mfsa2010-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0862", "reference_id": "RHSA-2010:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0862" }, { "reference_url": "https://usn.ubuntu.com/1007-1/", "reference_id": "USN-1007-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1007-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3170" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvg8-pa7m-2bfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2440?format=api", "vulnerability_id": "VCID-kws9-mf7a-syh8", "summary": "Mozilla developer Georgi Guninski reported that\nthe canvas element could be used in conjunction with an HTTP redirect\nto bypass same-origin restrictions and gain access to the content in\narbitrary images from other domains. This vulnerability could be used\nby an attacker to steal private information from a victim who is\nlogged into a website that stores the data in images.Security researchers Michal Zalewski\nand Chris Evans also reported an additional threat\ncaused by this vulnerability in which an attacker can enumerate the\nsoftware installed on a victim's computer by using moz-icon as the\nredirection target.Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05969", "scoring_system": "epss", "scoring_elements": "0.90796", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5012" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470864", "reference_id": "470864", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012", "reference_id": "CVE-2008-5012", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-48", "reference_id": "mfsa2008-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5012" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kws9-mf7a-syh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2430?format=api", "vulnerability_id": "VCID-kzjq-mq5p-w7em", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in\nnsXMLHttpRequest::NotifyEventListeners() could be\nbypassed. This vulnerability could be used to execute JavaScript in\nthe context of a different website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13446", "scoring_system": "epss", "scoring_elements": "0.94316", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470895", "reference_id": "470895", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022", "reference_id": "CVE-2008-5022", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-56", "reference_id": "mfsa2008-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5022" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzjq-mq5p-w7em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74937?format=api", "vulnerability_id": "VCID-m29z-y4um-wqbf", "summary": "security flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18653", "scoring_system": "epss", "scoring_elements": "0.95381", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5052" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618336", "reference_id": "1618336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618336" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5052" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m29z-y4um-wqbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2313?format=api", "vulnerability_id": "VCID-m7sq-29rx-pff5", "summary": "Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8084", "scoring_system": "epss", "scoring_elements": "0.9917", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3993" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623", "reference_id": "863623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993", "reference_id": "CVE-2012-3993", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb", "reference_id": "CVE-2012-3993;OSVDB-96019;CVE-2013-1710", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb", "reference_id": "CVE-2012-3993;OSVDB-96019;CVE-2013-1710", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83", "reference_id": "mfsa2012-83", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3993" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7sq-29rx-pff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2325?format=api", "vulnerability_id": "VCID-mbgs-b2qj-ukg1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02093", "scoring_system": "epss", "scoring_elements": "0.8431", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961", "reference_id": "CVE-2012-3961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbgs-b2qj-ukg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2793?format=api", "vulnerability_id": "VCID-mcy6-z48m-tufs", "summary": "David Remahl of Apple Product Security reported\nthat the Java Embedding Plugin (JEP) shipped with the Mac OS X versions\nof Firefox could be exploited to obtain elevated access to resources on\na user's system.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60376", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076", "reference_id": "CVE-2011-0076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15", "reference_id": "mfsa2011-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcy6-z48m-tufs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2179?format=api", "vulnerability_id": "VCID-mfbd-41mr-7kg5", "summary": "Security researcher regenrecht reported (via TippingPoint's\nZero Day Initiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. Although\nno exploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07524", "scoring_system": "epss", "scoring_elements": "0.91929", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164", "reference_id": "CVE-2010-0164", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09", "reference_id": "mfsa2010-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfbd-41mr-7kg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2425?format=api", "vulnerability_id": "VCID-mftz-nzj1-hudz", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02887", "scoring_system": "epss", "scoring_elements": "0.86551", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4063" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463203", "reference_id": "463203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063", "reference_id": "CVE-2008-4063", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4063" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mftz-nzj1-hudz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2236?format=api", "vulnerability_id": "VCID-mh43-ax68-gkhz", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09485", "scoring_system": "epss", "scoring_elements": "0.92957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180", "reference_id": "CVE-2012-4180", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4180" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mh43-ax68-gkhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2852?format=api", "vulnerability_id": "VCID-mj22-p5cg-43c3", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86331", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2364" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364", "reference_id": "CVE-2011-2364", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2364" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj22-p5cg-43c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2833?format=api", "vulnerability_id": "VCID-mm8q-zcef-e3g1", "summary": "sczimmer reported that Firefox crashed when loading\na particular .ogg file. This was due to a use-after-free\ncondition and could potentially be exploited to install malware.\nThis vulnerability does not affect Firefox 3.6 or earlier.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89071", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005", "reference_id": "CVE-2011-3005", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-44", "reference_id": "mfsa2011-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-44" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3005" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm8q-zcef-e3g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2786?format=api", "vulnerability_id": "VCID-mmc8-9gbv-fbat", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700640", "reference_id": "700640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070", "reference_id": "CVE-2011-0070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmc8-9gbv-fbat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2158?format=api", "vulnerability_id": "VCID-mmw9-8yss-vke8", "summary": "Security researcher Ilja van Sprundel of IOActive\nreported that the Content-Disposition: attachment HTTP\nheader was ignored when Content-Type: multipart was also\npresent. This issue could potentially lead to XSS problems in sites\nthat allow users to upload arbitrary files and specify a Content-Type\nbut rely on Content-Disposition: attachment to prevent\nthe content from being displayed inline.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77638", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850", "reference_id": "590850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197", "reference_id": "CVE-2010-1197", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-32", "reference_id": "mfsa2010-32", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1197" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmw9-8yss-vke8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2239?format=api", "vulnerability_id": "VCID-ms5v-jk9f-dkbd", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.86181", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183", "reference_id": "CVE-2012-4183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4183" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5v-jk9f-dkbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2598?format=api", "vulnerability_id": "VCID-n4t4-2b9j-hqa1", "summary": "Mozilla add-on developer and community member Wladimir\nPalant reported broken functionality on pages that had a\nLink: HTTP header when an add-on was installed\nwhich implemented a Content Policy in JavaScript, such\nas AdBlock Plus or NoScript. Mozilla security\nresearcher moz_bug_r_a4 demonstrated that the broken\nfunctionality was due to the window's global object\nreceiving an incorrect security wrapper and that this issue could be\nused to execute arbitrary JavaScript with chrome privileges.This vulnerability does not affect Firefox\nprior to version 3.5", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80476", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665", "reference_id": "CVE-2009-2665", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-46", "reference_id": "mfsa2009-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2665" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4t4-2b9j-hqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2283?format=api", "vulnerability_id": "VCID-n5sw-3tyh-nbcm", "summary": "Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.7427", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877625", "reference_id": "877625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205", "reference_id": "CVE-2012-4205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97", "reference_id": "mfsa2012-97", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5sw-3tyh-nbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2655?format=api", "vulnerability_id": "VCID-n5xr-5qvw-2yah", "summary": "Security researcher Nils reported via\nTippingPoint's Zero Day Initiative that the XUL tree\nmethod _moveToEdgeShift was in some cases triggering\ngarbage collection routines on objects which were still in use. In\nsuch cases, the browser would crash when attempting to access a\npreviously destroyed object and this crash could be used by an\nattacker to run arbitrary code on a victim's computer.This vulnerability was used by the reporter to win the\n2009 CanSecWest Pwn2Own contest.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07842", "scoring_system": "epss", "scoring_elements": "0.92112", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1044" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=492212", "reference_id": "492212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044", "reference_id": "CVE-2009-1044", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-13", "reference_id": "mfsa2009-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0397", "reference_id": "RHSA-2009:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0398", "reference_id": "RHSA-2009:0398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0398" }, { "reference_url": "https://usn.ubuntu.com/745-1/", "reference_id": "USN-745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5xr-5qvw-2yah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2353?format=api", "vulnerability_id": "VCID-n747-sujq-tqgf", "summary": "Mozilla community member Daniel Glazman of Disruptive\nInnovations reported a crash when accessing a keyframe's cssText after dynamic\nmodification. This crash may be potentially exploitable.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03436", "scoring_system": "epss", "scoring_elements": "0.87683", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803112", "reference_id": "803112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459", "reference_id": "CVE-2012-0459", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-17", "reference_id": "mfsa2012-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0459" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n747-sujq-tqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2221?format=api", "vulnerability_id": "VCID-n7vg-xm1u-qkcq", "summary": "Security researcher Mark Poticha reported an issue where\nincorrect SSL certificate information can be displayed on the addressbar,\nshowing the SSL data for a previous site while another has been loaded. This is\ncaused by two onLocationChange events being fired out of the expected order,\nleading to the displayed certificate data to not be updated. This can be used\nfor phishing attacks by allowing the user to input form or other data on a\nnewer, attacking, site while the credentials of an older site appear on the\naddressbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.73923", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851931", "reference_id": "851931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976", "reference_id": "CVE-2012-3976", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69", "reference_id": "mfsa2012-69", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3976" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7vg-xm1u-qkcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2230?format=api", "vulnerability_id": "VCID-n9a3-1qv2-6yfw", "summary": "Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75469", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865283", "reference_id": "865283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192", "reference_id": "CVE-2012-4192", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89", "reference_id": "mfsa2012-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89" }, { "reference_url": "https://usn.ubuntu.com/1608-1/", "reference_id": "USN-1608-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1608-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4192" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9a3-1qv2-6yfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88963?format=api", "vulnerability_id": "VCID-najm-etj8-sffz", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.70247", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1994" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1994" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-najm-etj8-sffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2454?format=api", "vulnerability_id": "VCID-ncyn-54s5-yqcw", "summary": "ling and wushi of team509, via\nTippingPoint's Zero Day Initiative program, reported a flaw in part of\nMozilla's DOM constructing code. This vulnerability can be exploited\nby modifying certain properties of a file input element before it has\nfinished initializing. When the blur method of the\nmodified input element is called, uninitialized memory is accessed by\nthe browser, resulting in a crash. This crash may be used by an\nattacker to run arbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23762", "scoring_system": "epss", "scoring_elements": "0.96097", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470894", "reference_id": "470894", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021", "reference_id": "CVE-2008-5021", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55", "reference_id": "mfsa2008-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5021" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncyn-54s5-yqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2866?format=api", "vulnerability_id": "VCID-nd55-spy5-9qau", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81161", "scoring_system": "epss", "scoring_elements": "0.99184", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0073" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700619", "reference_id": "700619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073", "reference_id": "CVE-2011-0073", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-11-157/", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-157/" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd55-spy5-9qau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2321?format=api", "vulnerability_id": "VCID-nesy-7bkx-87ax", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02961", "scoring_system": "epss", "scoring_elements": "0.86719", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957", "reference_id": "CVE-2012-3957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3957" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nesy-7bkx-87ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73917?format=api", "vulnerability_id": "VCID-nf5h-hc8m-gyax", "summary": "Seamonkey: NULL pointer dereference in GIF decoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71852", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3978" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=547292", "reference_id": "547292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547292" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3978" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf5h-hc8m-gyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2188?format=api", "vulnerability_id": "VCID-nhbn-aqde-vue5", "summary": "Mozilla cryptographer Nelson Bolyard reported that\nthe SSL implementation was permitting servers to use Diffie-Hellman\nEphemeral mode (DHE) with too short of a minimum key length. DHE keys\nof such lengths are trivially breakable on modern hardware so SSL\nservers operating in this mode were providing very little effective\nsecurity for their clients.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02315", "scoring_system": "epss", "scoring_elements": "0.85043", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3173" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642302", "reference_id": "642302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173", "reference_id": "CVE-2010-3173", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-72", "reference_id": "mfsa2010-72", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-72" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://usn.ubuntu.com/1007-1/", "reference_id": "USN-1007-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1007-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3173" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbn-aqde-vue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2444?format=api", "vulnerability_id": "VCID-nhpz-urjv-bfet", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02018", "scoring_system": "epss", "scoring_elements": "0.84036", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4060" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463198", "reference_id": "463198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463198" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060", "reference_id": "CVE-2008-4060", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4060" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhpz-urjv-bfet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2348?format=api", "vulnerability_id": "VCID-nkdg-ez7k-7qdh", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.86893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940", "reference_id": "CVE-2012-1940", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1940" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkdg-ez7k-7qdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88960?format=api", "vulnerability_id": "VCID-nnck-qb21-3ueg", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39132", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-5074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnck-qb21-3ueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2119?format=api", "vulnerability_id": "VCID-nqeq-nees-u3dk", "summary": "Security researcher Paul Stone reported that when\nan HTML selection containing JavaScript is copy-and-pasted or dropped\nonto a document with designMode enabled the JavaScript will be\nexecuted within the context of the site where the code was dropped. A\nmalicious site could leverage this issue in an XSS attack by\npersuading a user into taking such an action and in the process\nrunning malicious JavaScript within the context of another site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01267", "scoring_system": "epss", "scoring_elements": "0.79772", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630075", "reference_id": "630075", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769", "reference_id": "CVE-2010-2769", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62", "reference_id": "mfsa2010-62", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2769" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqeq-nees-u3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2620?format=api", "vulnerability_id": "VCID-nwhc-qysh-3qfk", "summary": "Security researcher Gregory Fleischer reported\nthat the exception messages generated by\nMozilla's GeckoActiveXObject differ based on whether or\nnot the requested COM object's ProgID is present in the system\nregistry. A malicious site could use this vulnerability to enumerate\na list of COM objects installed on a user's system and create a\nprofile to track the user across browsing sessions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.74547", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3987" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546729", "reference_id": "546729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987", "reference_id": "CVE-2009-3987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71", "reference_id": "mfsa2009-71", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3987" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwhc-qysh-3qfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2623?format=api", "vulnerability_id": "VCID-nwkn-p5sh-jbhk", "summary": "Mozilla add-on developer Pavel Cvrcek reported\nthat certain invalid unicode characters, when used as part of an IDN,\nare displayed as whitespace in the location bar. This whitespace\ncould be used to force part of the URL out of view in the location\nbar. An attacker could use this vulnerability to spoof the location\nbar and display a misleading URL for their malicious web page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11374", "scoring_system": "epss", "scoring_elements": "0.9367", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1834" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573", "reference_id": "503573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834", "reference_id": "CVE-2009-1834", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt", "reference_id": "CVE-2009-1834;OSVDB-55162", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35388/info", "reference_id": "CVE-2009-1834;OSVDB-55162", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35388/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25", "reference_id": "mfsa2009-25", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1834" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwkn-p5sh-jbhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2862?format=api", "vulnerability_id": "VCID-nxgs-2jdy-sbbp", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87676", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363", "reference_id": "CVE-2011-2363", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2363" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxgs-2jdy-sbbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2134?format=api", "vulnerability_id": "VCID-nyu8-zhfr-ubhx", "summary": "Security researcher Haifei Li of FortiGuard Labs\nreported that Firefox could be used to load a malicious code library\nthat had been planted on a victim's computer. Firefox attempts to\nload dwmapi.dll upon startup as part of its platform detection, so on\nsystems that don't have this library, such as Windows XP, Firefox will\nsubsequently attempt to load the library from the current working\ndirectory. An attacker could use this vulnerability to trick a user\ninto downloading a HTML file and a malicious copy of dwmapi.dll into\nthe same directory on their computer and opening the HTML file with\nFirefox, thus causing the malicious code to be executed. If the\nattacker was on the same network as the victim, the malicious DLL\ncould also be loaded via a UNC path. This DLL is only loaded at\nstartup so a successful attack requires that Firefox not currently\nbe running when it is asked to open the HTML\nfile and accompanying DLL.This issue was also independently reported to Mozilla\nby Acros Security. After the issue became public a\nnumber of other community members contacted Mozilla to report the\nissue.Firefox users on Windows Vista or Windows 7\nwere not vulnerable to this attack because dwmapi.dll is part\nof the OS in Vista and later versions and the legitimate copy\nis successfully loaded by\nFirefox before attempting to load the planted DLL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10225", "scoring_system": "epss", "scoring_elements": "0.93263", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131", "reference_id": "CVE-2010-3131", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c", "reference_id": "CVE-2010-3131;OSVDB-67502", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c", "reference_id": "CVE-2010-3131;OSVDB-67502", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52", "reference_id": "mfsa2010-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyu8-zhfr-ubhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2640?format=api", "vulnerability_id": "VCID-p51y-by4w-qyd7", "summary": "An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, reported that the columns of a XUL tree element could be\nmanipulated in a particular way which would leave a pointer owned by\nthe column pointing to freed memory. An attacker could potentially\nuse this vulnerability to crash a victim's browser and run arbitrary\ncode on the victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.903", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693", "reference_id": "521693", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077", "reference_id": "CVE-2009-3077", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49", "reference_id": "mfsa2009-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3077" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p51y-by4w-qyd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2232?format=api", "vulnerability_id": "VCID-p5zn-r2n7-8ugt", "summary": "Security researcher Paul Stone reported an attack where an\nHTML page hosted on a Windows share and then loaded could then load Windows\nshortcut files (.lnk) in the same share. These shortcut files could then link to\narbitrary locations on the local file system of the individual loading the HTML\npage. That page could show the contents of these linked files or directories\nfrom the local file system in an iframe, causing information disclosure.\nThis issue could potentially affect Linux machines with samba\nshares enabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40971", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1945" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831", "reference_id": "827831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945", "reference_id": "CVE-2012-1945", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37", "reference_id": "mfsa2012-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1945" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5zn-r2n7-8ugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2393?format=api", "vulnerability_id": "VCID-p6xe-qepz-7kez", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\ncertain security checks in the location object can be bypassed if chrome code is\ncalled content in a specific manner. This allowed for the loading of restricted\ncontent. This can be combined with other issues to become potentially\nexploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.79982", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3978" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851937", "reference_id": "851937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851937" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978", "reference_id": "CVE-2012-3978", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70", "reference_id": "mfsa2012-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3978" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6xe-qepz-7kez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2278?format=api", "vulnerability_id": "VCID-pc3m-3w52-9yb1", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.87612", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1951" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951", "reference_id": "CVE-2012-1951", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1951" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pc3m-3w52-9yb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2579?format=api", "vulnerability_id": "VCID-pgt7-k439-dyby", "summary": "Security researcher PenPal reported a crash\ninvolving a SVG element on which a watch function\nand __defineSetter__ function have been set for a\nparticular property. The crash showed evidence of memory corruption\nand could potentially be used by an attacker to run arbitrary code on\na victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0647", "scoring_system": "epss", "scoring_elements": "0.91221", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2469" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512142", "reference_id": "512142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469", "reference_id": "CVE-2009-2469", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-37", "reference_id": "mfsa2009-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2469" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgt7-k439-dyby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2804?format=api", "vulnerability_id": "VCID-pgty-eyet-87gt", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06676", "scoring_system": "epss", "scoring_elements": "0.9137", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985", "reference_id": "CVE-2011-2985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgty-eyet-87gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2335?format=api", "vulnerability_id": "VCID-phx6-pmuh-8bdr", "summary": "Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74253", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0456" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116", "reference_id": "803116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456", "reference_id": "CVE-2012-0456", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14", "reference_id": "mfsa2012-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0456" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phx6-pmuh-8bdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2863?format=api", "vulnerability_id": "VCID-phyz-e3br-qffu", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87676", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0085" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085", "reference_id": "CVE-2011-0085", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0085" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phyz-e3br-qffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2116?format=api", "vulnerability_id": "VCID-pkky-dzgj-2qay", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway <option> elements are inserted into a XUL\ntree <optgroup>. In certain cases, the number of\nreferences to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used. An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05361", "scoring_system": "epss", "scoring_elements": "0.9022", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0176" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150", "reference_id": "578150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176", "reference_id": "CVE-2010-0176", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18", "reference_id": "mfsa2010-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0176" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkky-dzgj-2qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2182?format=api", "vulnerability_id": "VCID-pq8y-auvb-mkgw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06912", "scoring_system": "epss", "scoring_elements": "0.91532", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415", "reference_id": "660415", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777", "reference_id": "CVE-2010-3777", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3777" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq8y-auvb-mkgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2358?format=api", "vulnerability_id": "VCID-ps3u-nesw-myaw", "summary": "Security researcher Mario Gomes andresearch firm\nCode Audit Labs reported a mechanism to short-circuit page\nloads through drag and drop to the addressbar by canceling the page load. This\ncauses the address of the previously site entered to be displayed in the\naddressbar instead of the currently loaded page. This could lead to potential\nphishing attacks on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02775", "scoring_system": "epss", "scoring_elements": "0.86295", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840203", "reference_id": "840203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950", "reference_id": "CVE-2012-1950", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-43", "reference_id": "mfsa2012-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1950" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ps3u-nesw-myaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=api", "vulnerability_id": "VCID-ptfk-cy8g-wyef", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07005", "scoring_system": "epss", "scoring_elements": "0.91598", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991", "reference_id": "CVE-2011-2991", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2991" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptfk-cy8g-wyef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88954?format=api", "vulnerability_id": "VCID-pwuc-1qfh-wue2", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03735", "scoring_system": "epss", "scoring_elements": "0.88197", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2043" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt", "reference_id": "CVE-2009-2043;OSVDB-55197", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35413/info", "reference_id": "CVE-2009-2043;OSVDB-55197", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35413/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2043" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwuc-1qfh-wue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2129?format=api", "vulnerability_id": "VCID-q19p-umh9-rydp", "summary": "Security researcher wushi of team509 reported a\nheap buffer overflow in code routines responsible for transforming\ntext runs. A page could be constructed with a bidirectional text run\nwhich upon reflow could result in an incorrect length being calculated\nfor the run of text. When this value is subsequently used to allocate\nmemory for the text too small a buffer may be created potentially\nresulting in a buffer overflow and the execution of attacker\ncontrolled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05962", "scoring_system": "epss", "scoring_elements": "0.90793", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3166" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630061", "reference_id": "630061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630061" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166", "reference_id": "CVE-2010-3166", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53", "reference_id": "mfsa2010-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3166" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q19p-umh9-rydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2361?format=api", "vulnerability_id": "VCID-q3gb-89sm-8yc3", "summary": "Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the \"~\" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79872", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629", "reference_id": "877629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207", "reference_id": "CVE-2012-4207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101", "reference_id": "mfsa2012-101", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3gb-89sm-8yc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2346?format=api", "vulnerability_id": "VCID-q4xw-urcg-83bw", "summary": "Mozilla developer Matt Brubeck reported that\nwindow.fullScreen is writeable by untrusted content now that the DOM fullscreen\nAPI is enabled. Because window.fullScreen does not include\nmozRequestFullscreen's security protections, it could be used for UI spoofing.\nThis code change makes window.fullScreen read only by untrusted content, forcing\nthe use of the DOM fullscreen API in normal usage.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01798", "scoring_system": "epss", "scoring_elements": "0.83093", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0460" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803111", "reference_id": "803111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460", "reference_id": "CVE-2012-0460", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18", "reference_id": "mfsa2012-18", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0460" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4xw-urcg-83bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2654?format=api", "vulnerability_id": "VCID-q8zq-w7zs-h3gp", "summary": "Moxie Marlinspike reported a heap overflow vulnerability\nin the code that handles regular expressions in certificate names. This\nvulnerability could be used to compromise the browser and run arbitrary code\nby presenting a specially crafted certificate to the client. This code\nprovided compatibility with the non-standard regular expression syntax\nhistorically supported by Netscape clients and servers. With version 3.5\nFirefox switched to the more limited industry-standard wildcard syntax\ninstead and is not vulnerable to this flaw.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21024", "scoring_system": "epss", "scoring_elements": "0.9574", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912", "reference_id": "512912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934", "reference_id": "539934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404", "reference_id": "CVE-2009-2404", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-43", "reference_id": "mfsa2009-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1184", "reference_id": "RHSA-2009:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1185", "reference_id": "RHSA-2009:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1186", "reference_id": "RHSA-2009:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1190", "reference_id": "RHSA-2009:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1207", "reference_id": "RHSA-2009:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1207" }, { "reference_url": "https://usn.ubuntu.com/810-1/", "reference_id": "USN-810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2404" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8zq-w7zs-h3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2398?format=api", "vulnerability_id": "VCID-qemc-854g-kfgx", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nan additional variation on the feed preview vulnerabilities\nfixed in Firefox 2.0.0.17.\nmoz_bug_r_a4 demonstrated that it was still possible to\nuse the feed preview as a vector for JavaScript privilege escalation.\nAn attacker could use this issue to run arbitrary JavaScript with\nchrome privileges.Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87121", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5504" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476273", "reference_id": "476273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504", "reference_id": "CVE-2008-5504", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-62", "reference_id": "mfsa2008-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5504" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qemc-854g-kfgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2821?format=api", "vulnerability_id": "VCID-qfe3-wddm-c7ee", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04955", "scoring_system": "epss", "scoring_elements": "0.89808", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2378" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730521", "reference_id": "730521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378", "reference_id": "CVE-2011-2378", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfe3-wddm-c7ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2389?format=api", "vulnerability_id": "VCID-qg3e-xxn8-eqc5", "summary": "Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01381", "scoring_system": "epss", "scoring_elements": "0.80588", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877617", "reference_id": "877617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836", "reference_id": "CVE-2012-5836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94", "reference_id": "mfsa2012-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg3e-xxn8-eqc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2585?format=api", "vulnerability_id": "VCID-qj9j-vc8m-1uhp", "summary": "Security researcher Juan Pablo Lopez Yacubian\nreported that an attacker could call window.open() on an\ninvalid URL which looks similar to a legitimate URL and then\nuse document.write() to place content within the new\ndocument, appearing to have come from the spoofed location.\nAdditionally, if the spoofed document was created by a document with a\nvalid SSL certificate, the SSL indicators would be carried over into\nthe spoofed document. An attacker could use these issues to display\nmisleading location and SSL information for a malicious web page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13196", "scoring_system": "epss", "scoring_elements": "0.94247", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311", "reference_id": "521311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654", "reference_id": "CVE-2009-2654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html" }, { "reference_url": "https://www.securityfocus.com/bid/35803/info", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35803/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44", "reference_id": "mfsa2009-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://usn.ubuntu.com/811-1/", "reference_id": "USN-811-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/811-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qj9j-vc8m-1uhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2342?format=api", "vulnerability_id": "VCID-qkw1-m8aa-2qgn", "summary": "Security researcher Jeroen van der Gun reported that if RSS\nor Atom XML invalid content is loaded over HTTPS, the addressbar updates to\ndisplay the new location of the loaded resource, including SSL indicators, while\nthe main window still displays the previously loaded content. This allows for\nphishing attacks where a malicious page can spoof the identify of another\nseemingly secure site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.7391", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815044", "reference_id": "815044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479", "reference_id": "CVE-2012-0479", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-33", "reference_id": "mfsa2012-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0479" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkw1-m8aa-2qgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2784?format=api", "vulnerability_id": "VCID-qmh7-fvnc-tqhn", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04704", "scoring_system": "epss", "scoring_elements": "0.89531", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0081" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700676", "reference_id": "700676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081", "reference_id": "CVE-2011-0081", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0081" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmh7-fvnc-tqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=api", "vulnerability_id": "VCID-qn4t-s1ek-vkcm", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that\nwhen window.__lookupGetter__ is called with no arguments\nthe code assumes the top JavaScript stack value is a property name.\nSince there were no arguments passed into the function, the top value\ncould represent uninitialized memory or a pointer to a previously\nfreed JavaScript object. Under such circumstances the value is passed\nto another subroutine which calls through the dangling pointer,\npotentially executing attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06976", "scoring_system": "epss", "scoring_elements": "0.91578", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642286", "reference_id": "642286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183", "reference_id": "CVE-2010-3183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-67", "reference_id": "mfsa2010-67", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-67" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3183" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4t-s1ek-vkcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2374?format=api", "vulnerability_id": "VCID-qns8-fjf9-13fr", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02458", "scoring_system": "epss", "scoring_elements": "0.85486", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000", "reference_id": "815000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468", "reference_id": "CVE-2012-0468", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20", "reference_id": "mfsa2012-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0468" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qns8-fjf9-13fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2812?format=api", "vulnerability_id": "VCID-qtwn-s22a-zufy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59674", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2986" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986", "reference_id": "CVE-2011-2986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2986" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtwn-s22a-zufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2583?format=api", "vulnerability_id": "VCID-qwt7-qwnt-5qan", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat a chrome XBL method can be used in conjunction\nwith window.eval to execute arbitrary JavaScript within\nthe context of another website, violating the same origin policy.Firefox 2 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.7416", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483142", "reference_id": "483142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354", "reference_id": "CVE-2009-0354", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-02", "reference_id": "mfsa2009-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0354" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwt7-qwnt-5qan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2131?format=api", "vulnerability_id": "VCID-qyxv-c1m4-pbc7", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04086", "scoring_system": "epss", "scoring_elements": "0.88754", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615466", "reference_id": "615466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753", "reference_id": "CVE-2010-2753", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40", "reference_id": "mfsa2010-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54", "reference_id": "mfsa2010-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2753" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyxv-c1m4-pbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2844?format=api", "vulnerability_id": "VCID-qzad-6448-1qcf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58557", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993", "reference_id": "CVE-2011-2993", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2993" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzad-6448-1qcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73584?format=api", "vulnerability_id": "VCID-r1w6-3h83-eue3", "summary": "webkit: stylesheet URL property leaks redirection target", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63479", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=568170", "reference_id": "568170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0648" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1w6-3h83-eue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2611?format=api", "vulnerability_id": "VCID-r4hv-qrsj-77gz", "summary": "Security researcher Marco C. reported a flaw in\nthe parsing of regular expressions used in Proxy Auto-configuration\n(PAC) files. In certain cases this flaw could be used by an attacker\nto crash a victim's browser and run arbitrary code on their computer.\nSince this vulnerability requires the victim to have PAC configured in\ntheir environment with specific regular expressions which can trigger\nthe crash, the severity of the issue was determined to be\nmoderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02124", "scoring_system": "epss", "scoring_elements": "0.84429", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530155", "reference_id": "530155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372", "reference_id": "CVE-2009-3372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55", "reference_id": "mfsa2009-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3372" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4hv-qrsj-77gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2830?format=api", "vulnerability_id": "VCID-r8vx-y8mz-hqcu", "summary": "Security researcher Mario Heiderich reported it was\npossible to use SVG animation accessKey events to detect\nkey strokes even when JavaScript was disabled. Since web pages can normally\ndetect key events through script and most users have scripting enabled this\ndoes not present a risk for most users. In contexts where the user knows\nscripting is disabled (reading mail, for example, or NoScript users) this\ncould allow a malicious web page to fool a user into interacting with\na prompt thinking it came from the browser or mail program.\n\nAccessing remote content is disabled by default When reading mail in\nThunderbird and SeaMonkey. Successfully capturing keystrokes remotely would\nrequire some social engineering to convince the user to turn it on.\n\nSVG animation is not supported in Thunderbird 3.1 or Firefox 3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76787", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3663" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663", "reference_id": "CVE-2011-3663", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-56", "reference_id": "mfsa2011-56", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-56" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3663" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8vx-y8mz-hqcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2153?format=api", "vulnerability_id": "VCID-rb1h-hqfc-hkfq", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04113", "scoring_system": "epss", "scoring_elements": "0.88792", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2463" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512131", "reference_id": "512131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463", "reference_id": "CVE-2009-2463", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2463" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rb1h-hqfc-hkfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2823?format=api", "vulnerability_id": "VCID-rd8u-nbex-d7hp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01538", "scoring_system": "epss", "scoring_elements": "0.81655", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730522", "reference_id": "730522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984", "reference_id": "CVE-2011-2984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8u-nbex-d7hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2656?format=api", "vulnerability_id": "VCID-reea-m7yc-47e8", "summary": "Mozilla contributor Masahiro Yamada reported that\ncertain invisible control characters were being decoded when displayed\nin the location bar, resulting in fewer visible characters than were\npresent in the actual location. An attacker could use this\nvulnerability to spoof the location bar and display a misleading URL\nfor their malicious web page.The initial version of this advisory incorrectly listed\nThunderbird and SeaMonkey as affected products. Firefox is the only\nproduct affected by this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.84061", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488292", "reference_id": "488292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777", "reference_id": "CVE-2009-0777", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-11", "reference_id": "mfsa2009-11", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0777" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-reea-m7yc-47e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2228?format=api", "vulnerability_id": "VCID-reun-f46b-skb1", "summary": "Bugzilla developer Frédéric Buclin reported that the\n\"X-Frame-Options header is ignored when the value is duplicated,\nfor example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This\nduplication occurs for unknown reasons on some websites and when it occurs\nresults in Mozilla browsers not being protected against possible clickjacking\nattacks on those pages", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01172", "scoring_system": "epss", "scoring_elements": "0.78994", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214", "reference_id": "840214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961", "reference_id": "CVE-2012-1961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51", "reference_id": "mfsa2012-51", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-reun-f46b-skb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70678?format=api", "vulnerability_id": "VCID-rghv-fe21-w3h2", "summary": "Mozilla: Select element persistance allows for attacks (MFSA 2012-75)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75764", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616", "reference_id": "863616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5354" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rghv-fe21-w3h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2284?format=api", "vulnerability_id": "VCID-rhhn-tqga-gqea", "summary": "Security researcher Mariusz Mlynski reported that the\nlocation property can be accessed by binary plugins through\ntop.location and top can be shadowed by\nObject.defineProperty as well. This can allow for possible\ncross-site scripting (XSS) attacks through plugins.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00927", "scoring_system": "epss", "scoring_elements": "0.76383", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622", "reference_id": "863622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994", "reference_id": "CVE-2012-3994", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-82", "reference_id": "mfsa2012-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3994" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhhn-tqga-gqea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74250?format=api", "vulnerability_id": "VCID-rhmg-v6z6-kfau", "summary": "Thunderbird: DoS via large length property of a Select object", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08242", "scoring_system": "epss", "scoring_elements": "0.92347", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512909", "reference_id": "512909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512909" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt", "reference_id": "OSVDB-56253;CVE-2009-2535", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2535" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmg-v6z6-kfau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2666?format=api", "vulnerability_id": "VCID-rrat-t5xc-4qdr", "summary": "Jakob Balle and Carsten Eiram of\nSecunia Research reported a race condition\nin NPObjWrapper_NewResolve when accessing the properties\nof a NPObject, a wrapped JSObject. Balle\nand Eiram demonstrated that this condition could be reached by\nnavigating away from a web page during the loading of a Java applet.\nUnder such conditions the Java object would be destroyed but later\ncalled into resulting in a free memory read. It might be possible\nfor an attacker to write to the freed memory before it is reused and run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2 nor other\nproducts built using the \"Gecko 1.8\" version of Mozilla code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02184", "scoring_system": "epss", "scoring_elements": "0.84638", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503579", "reference_id": "503579", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837", "reference_id": "CVE-2009-1837", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28", "reference_id": "mfsa2009-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1837" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrat-t5xc-4qdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2376?format=api", "vulnerability_id": "VCID-rt45-ac3f-xqau", "summary": "Mozilla security researcher Mark Goodwin discovered an issue\nwith the Firefox developer tools' debugger. If remote debugging is disabled, but\nthe experimental HTTPMonitor extension has been installed and enabled, a remote\nuser can connect to and use the remote debugging service through the port used\nby HTTPMonitor. A remote-enabled flag has been added to resolve\nthis problem and close the port unless debugging is explicitly enabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03046", "scoring_system": "epss", "scoring_elements": "0.8691", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851925", "reference_id": "851925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973", "reference_id": "CVE-2012-3973", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-66", "reference_id": "mfsa2012-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-66" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3973" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rt45-ac3f-xqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2194?format=api", "vulnerability_id": "VCID-rvf4-88af-f7ga", "summary": "Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument. The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext. The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate. A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64404", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1206" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608763", "reference_id": "608763", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206", "reference_id": "CVE-2010-1206", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45", "reference_id": "mfsa2010-45", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvf4-88af-f7ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2301?format=api", "vulnerability_id": "VCID-rxnh-fjyt-cyab", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0153", "scoring_system": "epss", "scoring_elements": "0.81612", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877942", "reference_id": "877942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212", "reference_id": "CVE-2012-4212", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxnh-fjyt-cyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2645?format=api", "vulnerability_id": "VCID-rzj8-31mb-ebf8", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0746", "scoring_system": "epss", "scoring_elements": "0.91881", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488283", "reference_id": "488283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774", "reference_id": "CVE-2009-0774", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0774" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzj8-31mb-ebf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2667?format=api", "vulnerability_id": "VCID-s1mt-2tfz-skfw", "summary": "Paul Nel reported that certain HTTP directives to\nnot cache web pages, Cache-Control: no-store and Cache-Control:\nno-cache for HTTPS pages, were being ignored by Firefox 3. On a\nshared system, applications relying upon these HTTP directives could\npotentially expose private data. Another user on the system could use\nthis vulnerability to view improperly cached pages containing private\ndata by navigating the browser back.Firefox 2 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40971", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0358" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483150", "reference_id": "483150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358", "reference_id": "CVE-2009-0358", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-06", "reference_id": "mfsa2009-06", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1mt-2tfz-skfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2864?format=api", "vulnerability_id": "VCID-s1nm-cdq2-nqec", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83259", "scoring_system": "epss", "scoring_elements": "0.99284", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658", "reference_id": "700658", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065", "reference_id": "CVE-2011-0065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0065" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1nm-cdq2-nqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2861?format=api", "vulnerability_id": "VCID-s27c-6ahy-gbgd", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87676", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0083" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083", "reference_id": "CVE-2011-0083", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0083" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s27c-6ahy-gbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2392?format=api", "vulnerability_id": "VCID-s4v8-msj6-j3dw", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute\ncan be accessed under certain circumstances because of a premature notification\nof AttributeChildRemoved. This use-after-free of the child nodes could possibly\nallow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72536", "scoring_system": "epss", "scoring_elements": "0.98791", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3659" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786258", "reference_id": "786258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786258" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659", "reference_id": "CVE-2011-3659", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb", "reference_id": "CVE-2011-3659;OSVDB-78736", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413", "reference_id": "CVE-2011-3659;OSVDB-78736", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04", "reference_id": "mfsa2012-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3659" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4v8-msj6-j3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2660?format=api", "vulnerability_id": "VCID-s4x4-jhdq-efan", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02802", "scoring_system": "epss", "scoring_elements": "0.86364", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1303" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253", "reference_id": "496253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303", "reference_id": "CVE-2009-1303", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1303" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4x4-jhdq-efan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2475?format=api", "vulnerability_id": "VCID-s6mw-fa6n-wyeh", "summary": "Security researcher Luke Bryan reported that file:\nURIs are given chrome privileges when opened in the same tab as a\nchrome page or privileged about: page. This vulnerability could be\nused by an attacker to run arbitrary JavaScript with chrome\nprivileges. The severity of this issue was determined to be moderate\nas it requires an attacker to have malicious code saved locally, then\nhave a user open a chrome: document or privileged about: URI, and then\nopen the malicious file in the same privileged tab.Firefox 2 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05714", "scoring_system": "epss", "scoring_elements": "0.90557", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5015" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470876", "reference_id": "470876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015", "reference_id": "CVE-2008-5015", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-51", "reference_id": "mfsa2008-51", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5015" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6mw-fa6n-wyeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2347?format=api", "vulnerability_id": "VCID-s9rz-eera-tbhz", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06784", "scoring_system": "epss", "scoring_elements": "0.9145", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1947" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947", "reference_id": "CVE-2012-1947", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1947" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9rz-eera-tbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2366?format=api", "vulnerability_id": "VCID-sf66-zf27-cugn", "summary": "Mozilla developer Tim Abraldes reported that when encoding\nimages as image/vnd.microsoft.icon the resulting data was always a\nfixed size, with uninitialized memory appended as padding beyond the size of the\nactual image. This is the result of mImageBufferSize in the encoder being\ninitialized with a value different than the size of the source image. There is\nthe possibility of sensitive data from uninitialized memory being appended to a\nPNG image when converted from an ICO format image. This sensitive data may then\nbe disclosed in the resulting image.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69773", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447", "reference_id": "CVE-2012-0447", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06", "reference_id": "mfsa2012-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0447" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sf66-zf27-cugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2187?format=api", "vulnerability_id": "VCID-sgvb-u7qc-57bx", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that the implementation of XUL\n<tree>'s content view contains a dangling pointer vulnerability.\nOne of the content view's methods for accessing the internal structure\nof the tree could be manipulated into removing a node prior to\naccessing it, resulting in the accessing of deleted memory. If an\nattacker can control the contents of the deleted memory prior to its\naccess they could use this vulnerability to run arbitrary code on a\nvictim's machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90265", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630067", "reference_id": "630067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167", "reference_id": "CVE-2010-3167", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-56", "reference_id": "mfsa2010-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3167" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgvb-u7qc-57bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2122?format=api", "vulnerability_id": "VCID-sh8a-1d68-mudt", "summary": "Mozilla developer Wladimir Palant reported that\nstylesheets used in remote XUL documents can wind up in the XUL cache\nwhere it can later be accessed by browser chrome for use in styling\nthe user interface. A malicious website could use this issue to\npollute a user's XUL cache and change style attributes of their\nbrowser such as font size and color.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62457", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576694", "reference_id": "576694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169", "reference_id": "CVE-2010-0169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14", "reference_id": "mfsa2010-14", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sh8a-1d68-mudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2220?format=api", "vulnerability_id": "VCID-shxn-m14n-7far", "summary": "Security research Nicolas Grégoire used the Address\nSanitizer tool to discover an out-of-bounds read in the format-number feature of\nXSLT, which can cause inaccurate formatting of numbers and information leakage.\nThis is not directly exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04549", "scoring_system": "epss", "scoring_elements": "0.89357", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3972" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851924", "reference_id": "851924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972", "reference_id": "CVE-2012-3972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65", "reference_id": "mfsa2012-65", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shxn-m14n-7far" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2132?format=api", "vulnerability_id": "VCID-snem-pp9z-aqb9", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04467", "scoring_system": "epss", "scoring_elements": "0.89262", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2760" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630062", "reference_id": "630062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760", "reference_id": "CVE-2010-2760", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54", "reference_id": "mfsa2010-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2760" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snem-pp9z-aqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2207?format=api", "vulnerability_id": "VCID-sq7j-me19-fyey", "summary": "Security researchers Yosuke Hasegawa\nand Masatoshi Kimura reported that the x-mac-arabic,\nx-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS\nattacks due to some characters being converted to angle brackets when\ndisplayed by the rendering engine. Sites using these character\nencodings would thus be potentially vulnerable to script injection\nattacks if their script filtering code fails to strip out these\nspecific characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08052", "scoring_system": "epss", "scoring_elements": "0.92248", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3770" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660439", "reference_id": "660439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770", "reference_id": "CVE-2010-3770", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt", "reference_id": "CVE-2010-3770;OSVDB-69772", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt" }, { "reference_url": "https://www.securityfocus.com/bid/45353/info", "reference_id": "CVE-2010-3770;OSVDB-69772", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/45353/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-84", "reference_id": "mfsa2010-84", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-84" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3770" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sq7j-me19-fyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71780?format=api", "vulnerability_id": "VCID-ssk9-b2p3-b3ev", "summary": "Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57393", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2605" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2605" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssk9-b2p3-b3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2351?format=api", "vulnerability_id": "VCID-stqg-mham-5bbj", "summary": "Security researcher Mario Heiderich reported that javascript\ncould be executed in the HTML feed-view using <embed> tag\nwithin the RSS <description>. This problem is due to\n<embed> tags not being filtered out during parsing and can\nlead to a potential cross-site scripting (XSS) attack. The flaw existed in a\nparser utility class and could affect other parts of the browser or add-ons\nwhich rely on that class to sanitize untrusted input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77266", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208", "reference_id": "840208", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957", "reference_id": "CVE-2012-1957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47", "reference_id": "mfsa2012-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1957" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stqg-mham-5bbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2625?format=api", "vulnerability_id": "VCID-sw5m-vvtd-tfb6", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07076", "scoring_system": "epss", "scoring_elements": "0.91643", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662", "reference_id": "CVE-2009-2662", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45", "reference_id": "mfsa2009-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2662" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw5m-vvtd-tfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2443?format=api", "vulnerability_id": "VCID-swze-ac2f-43bp", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07556", "scoring_system": "epss", "scoring_elements": "0.91948", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4059" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463192", "reference_id": "463192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463192" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059", "reference_id": "CVE-2008-4059", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4059" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swze-ac2f-43bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2423?format=api", "vulnerability_id": "VCID-szd6-wdgm-rqhb", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03898", "scoring_system": "epss", "scoring_elements": "0.88471", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463199", "reference_id": "463199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061", "reference_id": "CVE-2008-4061", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szd6-wdgm-rqhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2328?format=api", "vulnerability_id": "VCID-t4u8-8ysj-tbhh", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84438", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964", "reference_id": "CVE-2012-3964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3964" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4u8-8ysj-tbhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2126?format=api", "vulnerability_id": "VCID-t4vh-sf1x-d3dj", "summary": "OUSPG researcher Aki Helin reported a buffer\noverflow in Mozilla graphics code which consumes image data processed\nby libpng. A malformed PNG file could be created which would cause\nlibpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. This could result in the\nexecution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14816", "scoring_system": "epss", "scoring_elements": "0.94616", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238", "reference_id": "608238", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205", "reference_id": "CVE-2010-1205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c", "reference_id": "CVE-2010-1205", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205", "reference_id": "CVE-2010-1205", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205" }, { "reference_url": "https://security.gentoo.org/glsa/201010-01", "reference_id": "GLSA-201010-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201010-01" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201412-08", "reference_id": "GLSA-201412-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-08" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41", "reference_id": "mfsa2010-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0534", "reference_id": "RHSA-2010:0534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" }, { "reference_url": "https://usn.ubuntu.com/960-1/", "reference_id": "USN-960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4vh-sf1x-d3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2431?format=api", "vulnerability_id": "VCID-t82b-wx66-hbbx", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90963", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5500" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476266", "reference_id": "476266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500", "reference_id": "CVE-2008-5500", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5500" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t82b-wx66-hbbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2332?format=api", "vulnerability_id": "VCID-t8xj-n8m2-kbfg", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02146", "scoring_system": "epss", "scoring_elements": "0.84505", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851908", "reference_id": "851908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971", "reference_id": "CVE-2012-1971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8xj-n8m2-kbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2782?format=api", "vulnerability_id": "VCID-t8xs-9akz-5yfg", "summary": "Security researcher Jordi Chancel reported a crash\non multipart/x-mixed-replace images due to memory\ncorruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05899", "scoring_system": "epss", "scoring_elements": "0.90738", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2377" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714929", "reference_id": "714929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377", "reference_id": "CVE-2011-2377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21", "reference_id": "mfsa2011-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8xs-9akz-5yfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2618?format=api", "vulnerability_id": "VCID-tcfs-yn97-zfhw", "summary": "Mozilla security researcher Jesse Ruderman reported\nthat when security modules were added or removed\nvia pkcs11.addmodule or pkcs11.deletemodule,\nthe resulting dialog was not sufficiently informative. Without\nsufficient warning, an attacker could entice a victim to install a\nmalicious PKCS11 module and affect the cryptographic integrity of the\nvictim's browser.Security researcher Dan Kaminsky reported that\nthis issue had not been fixed in Firefox 3.0 and that under certain\ncircumstances pkcs11 modules could be installed from a\nremote location.Firefox 3.5 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17599", "scoring_system": "epss", "scoring_elements": "0.95204", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692", "reference_id": "521692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076", "reference_id": "CVE-2009-3076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt", "reference_id": "CVE-2009-3076;OSVDB-57977", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48", "reference_id": "mfsa2009-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcfs-yn97-zfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2808?format=api", "vulnerability_id": "VCID-td4n-bv4d-jqfn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10043", "scoring_system": "epss", "scoring_elements": "0.93191", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987", "reference_id": "CVE-2011-2987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2987" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-td4n-bv4d-jqfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2795?format=api", "vulnerability_id": "VCID-tguh-s9wb-buey", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03206", "scoring_system": "epss", "scoring_elements": "0.87232", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675082", "reference_id": "675082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053", "reference_id": "CVE-2011-0053", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0312", "reference_id": "RHSA-2011:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0053" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tguh-s9wb-buey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2586?format=api", "vulnerability_id": "VCID-trw6-z25m-nucy", "summary": "Mozilla security researcher moz_bug_r_a4 reported\na vulnerability which allows scripts from page content to run with\nelevated privileges. Using this vulnerability, an attacker could\ncause a chrome privileged object, such as the browser sidebar or the\nFeedWriter, to interact with web content in such a way that attacker\ncontrolled code may be executed with the object's chrome\nprivileges.Thunderbird supports neither the sidebar nor\nBrowserFeedWriter objects and is not vulnerable in its default\nconfiguration. Thunderbird might be vulnerable if the user has installed\nany add-on which adds a similarly implemented feature and then enables\nJavaScript in mail messages. This is not the default setting and we\nstrongly discourage users from running JavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04241", "scoring_system": "epss", "scoring_elements": "0.88957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583", "reference_id": "503583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841", "reference_id": "CVE-2009-1841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32", "reference_id": "mfsa2009-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1841" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trw6-z25m-nucy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2189?format=api", "vulnerability_id": "VCID-ttpz-dknd-2qey", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0757", "scoring_system": "epss", "scoring_elements": "0.91957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173", "reference_id": "CVE-2010-0173", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16", "reference_id": "mfsa2010-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0173" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttpz-dknd-2qey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2837?format=api", "vulnerability_id": "VCID-tw6y-cy6t-x7by", "summary": "Claus Wahlers reported that random images from GPU memory\nwere showing up in WebGL textures. Once incorporated into the WebGL graphics it\nis possible for a site to programmatically read the image data and potentially\ngain sensitive data from other things that had been displayed earlier. This\nproblem is due to a bug in the driver for Intel integrated GPUs on recent\nMac OS X hardware, and the problem can be seen in WebGL implementations from\nother vendors. Mozilla has implemented a work-around to prevent this from\nhappening with this hardware-driver combination.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46386", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653", "reference_id": "CVE-2011-3653", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-51", "reference_id": "mfsa2011-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3653" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6y-cy6t-x7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2357?format=api", "vulnerability_id": "VCID-u2ea-zsxx-6khx", "summary": "Security researcher Daniel Divricean reported that a defect\nin the error handling of javascript errors can leak the file names and location\nof javascript files on a server, leading to inadvertent information disclosure\nand a vector for further attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00891", "scoring_system": "epss", "scoring_elements": "0.75863", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187", "reference_id": "815187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187", "reference_id": "CVE-2011-1187", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-32", "reference_id": "mfsa2012-32", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-32" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-1187" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2ea-zsxx-6khx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88962?format=api", "vulnerability_id": "VCID-u636-v3x8-6fft", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62117", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3866" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3866" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u636-v3x8-6fft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2659?format=api", "vulnerability_id": "VCID-u714-aeta-j7by", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04391", "scoring_system": "epss", "scoring_elements": "0.89158", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1302" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496252", "reference_id": "496252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302", "reference_id": "CVE-2009-1302", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1302" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u714-aeta-j7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2288?format=api", "vulnerability_id": "VCID-u7um-16ay-eqhd", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01433", "scoring_system": "epss", "scoring_elements": "0.80987", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833", "reference_id": "CVE-2012-5833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-5833" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7um-16ay-eqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2394?format=api", "vulnerability_id": "VCID-u829-rqhq-afdu", "summary": "Security researcher Colby Russell discovered that eval in\nthe web console can execute injected code with chrome privileges, leading to the\nrunning of malicious code in a privileged context. This allows for arbitrary\ncode execution through a malicious web page if the web console is invoked by the\nuser.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02199", "scoring_system": "epss", "scoring_elements": "0.84686", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3980" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851939", "reference_id": "851939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851939" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980", "reference_id": "CVE-2012-3980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72", "reference_id": "mfsa2012-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u829-rqhq-afdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2472?format=api", "vulnerability_id": "VCID-uesh-b969-pfa6", "summary": "Mozilla developer Jesse Ruderman demonstrated that\nby tampering with the window.__proto__.__proto__ object,\none can cause the browser to place a lock on a non-native object,\nleading to a crash. Although we have not demonstrated such control, a\ndetermined attacker might be able to exploit this crash to run\narbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25205", "scoring_system": "epss", "scoring_elements": "0.96286", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5014" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470873", "reference_id": "470873", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014", "reference_id": "CVE-2008-5014", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50", "reference_id": "mfsa2008-50", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5014" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uesh-b969-pfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2829?format=api", "vulnerability_id": "VCID-ugzh-a5w2-cbee", "summary": "Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42028", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001", "reference_id": "CVE-2011-3001", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40", "reference_id": "mfsa2011-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3001" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugzh-a5w2-cbee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2176?format=api", "vulnerability_id": "VCID-um8y-xkv9-zya9", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03201", "scoring_system": "epss", "scoring_elements": "0.8722", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174", "reference_id": "CVE-2010-3174", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3174" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-um8y-xkv9-zya9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2216?format=api", "vulnerability_id": "VCID-umhg-zxkd-bkh5", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the wrapper class XPCSafeJSObjectWrapper (SJOW) on\nthe Mozilla 1.9.1 development branch has a logical error in its\nscripted function implementation that allows the caller to run the\nfunction within the context of another site. This is a violation of\nthe same-origin policy and could be used to mount an XSS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67447", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763", "reference_id": "CVE-2010-2763", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60", "reference_id": "mfsa2010-60", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2763" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-umhg-zxkd-bkh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2860?format=api", "vulnerability_id": "VCID-ut68-z785-9kaw", "summary": "Security researchers Chris Rohlf and Yan\nIvnitskiy of Matasano Security reported that when a\nJavaScript Array object had its length set to an\nextremely large value, the iteration of array elements that occurs\nwhen its reduceRight method was subsequently called could\nresult in the execution of attacker controlled memory due to an\ninvalid index value being used to access element properties.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86212", "scoring_system": "epss", "scoring_elements": "0.99414", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714580", "reference_id": "714580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371", "reference_id": "CVE-2011-2371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22", "reference_id": "mfsa2011-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2371" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ut68-z785-9kaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2146?format=api", "vulnerability_id": "VCID-uzx7-1bns-h7cx", "summary": "Security researcher Orlando Barrera II of SecTheory reported,\nvia TippingPoint's Zero Day Initiative, that Mozilla's implementation\nof Web Workers contained an error in its handling of array data types\nwhen processing posted messages. This error could be used by an\nattacker to corrupt heap memory and crash the browser, potentially\nrunning arbitrary code on a victim's computer.Web Workers were introduced in Firefox 3.5; Firefox 3.0\nand earlier versions were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05179", "scoring_system": "epss", "scoring_elements": "0.9005", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566049", "reference_id": "566049", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160", "reference_id": "CVE-2010-0160", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02", "reference_id": "mfsa2010-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0160" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzx7-1bns-h7cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2617?format=api", "vulnerability_id": "VCID-vae5-ym3t-3fd1", "summary": "Security research firm iDefense reported that\nresearcher regenrecht discovered a heap-based buffer\noverflow in Mozilla's GIF image parser. This vulnerability could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11615", "scoring_system": "epss", "scoring_elements": "0.93768", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3373" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530156", "reference_id": "530156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373", "reference_id": "CVE-2009-3373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt", "reference_id": "CVE-2009-3373;OSVDB-59393", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt" }, { "reference_url": "https://www.securityfocus.com/bid/36855/info", "reference_id": "CVE-2009-3373;OSVDB-59393", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/36855/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56", "reference_id": "mfsa2009-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vae5-ym3t-3fd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2424?format=api", "vulnerability_id": "VCID-vc3j-t6ae-yqf9", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0291", "scoring_system": "epss", "scoring_elements": "0.86609", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463201", "reference_id": "463201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062", "reference_id": "CVE-2008-4062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4062" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vc3j-t6ae-yqf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2123?format=api", "vulnerability_id": "VCID-vcz4-mpqz-k7dn", "summary": "Mozilla developer Blake Kaplan reported that the\nwrapper class XPCSafeJSObjectWrapper (SJOW), a security\nwrapper that allows content-defined objects to be safely accessed by\nprivileged code, creates scope chains ending in outer objects. Users\nof SJOWs which expect the scope chain to end on an inner object may be\nhanded a chrome privileged object which could be leveraged to run\narbitrary JavaScript with chrome privileges.Michal Zalewski's recent contributions helped to\nidentify this architectural weakness.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.82821", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2762" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630071", "reference_id": "630071", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762", "reference_id": "CVE-2010-2762", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-59", "reference_id": "mfsa2010-59", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2762" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcz4-mpqz-k7dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2162?format=api", "vulnerability_id": "VCID-vekg-epcv-cqgd", "summary": "Security researcher Hidetake Jo of Microsoft\nVulnerability Research reported that the properties set on an object\npassed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain. This is a violation of the same-origin policy and could\nresult in a website running untrusted JavaScript if it assumed\nthe dialogArguments could not be initialized by another\nsite.An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60859", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566051", "reference_id": "566051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988", "reference_id": "CVE-2009-3988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04", "reference_id": "mfsa2010-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vekg-epcv-cqgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2880?format=api", "vulnerability_id": "VCID-vjbh-dhuh-cyaj", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal memory mapping of non-local JS\nvariables contained a buffer overflow which could potentially be used\nby an attacker to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92814", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675091", "reference_id": "675091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054", "reference_id": "CVE-2011-0054", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04", "reference_id": "mfsa2011-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0054" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjbh-dhuh-cyaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2385?format=api", "vulnerability_id": "VCID-vk71-ur84-2kgz", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04347", "scoring_system": "epss", "scoring_elements": "0.89101", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463", "reference_id": "CVE-2012-0463", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0463" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vk71-ur84-2kgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2849?format=api", "vulnerability_id": "VCID-vnmm-3sby-y7hk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04023", "scoring_system": "epss", "scoring_elements": "0.88663", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2374" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374", "reference_id": "CVE-2011-2374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnmm-3sby-y7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2327?format=api", "vulnerability_id": "VCID-vnu6-2tzh-5kab", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85041", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3963" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963", "reference_id": "CVE-2012-3963", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnu6-2tzh-5kab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2819?format=api", "vulnerability_id": "VCID-vqng-ra2r-y3db", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01336", "scoring_system": "epss", "scoring_elements": "0.80292", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730520", "reference_id": "730520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981", "reference_id": "CVE-2011-2981", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2981" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqng-ra2r-y3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2263?format=api", "vulnerability_id": "VCID-vr3a-xs8t-4qap", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05225", "scoring_system": "epss", "scoring_elements": "0.90093", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185", "reference_id": "CVE-2012-4185", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4185" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vr3a-xs8t-4qap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2869?format=api", "vulnerability_id": "VCID-vt1n-t5vm-67cc", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86032", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741902", "reference_id": "741902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995", "reference_id": "CVE-2011-2995", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2995" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vt1n-t5vm-67cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2211?format=api", "vulnerability_id": "VCID-vugt-cer6-sfhd", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04617", "scoring_system": "epss", "scoring_elements": "0.89429", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660431", "reference_id": "660431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660431" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767", "reference_id": "CVE-2010-3767", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-81", "reference_id": "mfsa2010-81", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-81" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3767" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vugt-cer6-sfhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2384?format=api", "vulnerability_id": "VCID-vuq7-9gsu-sbfc", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01568", "scoring_system": "epss", "scoring_elements": "0.81827", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464", "reference_id": "CVE-2012-0464", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0464" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuq7-9gsu-sbfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2827?format=api", "vulnerability_id": "VCID-vzdc-6fne-5fck", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.75168", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730523", "reference_id": "730523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983", "reference_id": "CVE-2011-2983", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1165", "reference_id": "RHSA-2011:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1167", "reference_id": "RHSA-2011:1167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1167" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2983" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzdc-6fne-5fck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2320?format=api", "vulnerability_id": "VCID-wbbj-pv5p-nuaa", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85041", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956", "reference_id": "CVE-2012-3956", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3956" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbj-pv5p-nuaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2390?format=api", "vulnerability_id": "VCID-wesw-ctff-bfff", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03749", "scoring_system": "epss", "scoring_elements": "0.88218", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1949" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021281", "reference_id": "2021281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949", "reference_id": "CVE-2012-1949", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42", "reference_id": "mfsa2012-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-1949" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wesw-ctff-bfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2595?format=api", "vulnerability_id": "VCID-wk8j-jx5v-g7g3", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\na form input control's type could be changed during the restoration of a\nclosed tab. An attacker could set an input control's text value to the\npath of a local file whose location was known to the attacker. If the tab\nwas then closed and the victim persuaded to re-open it, upon restoring the\ntab the attacker could use this vulnerability to change the input type to\nfile. Scripts in the page could then automatically submit\nthe form and steal the contents of the user's local file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02431", "scoring_system": "epss", "scoring_elements": "0.85396", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0355" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483143", "reference_id": "483143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355", "reference_id": "CVE-2009-0355", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-03", "reference_id": "mfsa2009-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/717-2/", "reference_id": "USN-717-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0355" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wk8j-jx5v-g7g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73919?format=api", "vulnerability_id": "VCID-wnhp-wmct-qyhh", "summary": "firefox: (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530162", "reference_id": "530162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530162" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1563" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wnhp-wmct-qyhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2607?format=api", "vulnerability_id": "VCID-wtyd-jcnh-2bhq", "summary": "Security researcher Dan Kaminsky reported an\ninteger overflow in the Theora video library. A video's dimensions\nwere being multiplied together and used in particular memory\nallocations. When the video dimensions were sufficiently large, the\nmultiplication could overflow a 32-bit integer resulting in too small\na memory buffer being allocated for the video. An attacker could use\na specially crafted video to write data past the bounds of this\nbuffer, causing a crash and potentially running arbitrary code on a\nvictim's computer.Mozilla intern David Keeler also independently\nreported this issue as well as an additional crash which was\ndetermined to be a denial-of-service.Video capabilities were added to the Mozilla browser engine\nin Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these\nproducts were not affected.These bugs were fixed upstream in Theora version 1.1\n(\"Thusnelda\") but the older version used in Firefox 3.5 needed this\npatch.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0553", "scoring_system": "epss", "scoring_elements": "0.90392", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=548541", "reference_id": "548541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548541" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950", "reference_id": "572950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389", "reference_id": "CVE-2009-3389", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201312-04", "reference_id": "GLSA-201312-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67", "reference_id": "mfsa2009-67", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-jcnh-2bhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2155?format=api", "vulnerability_id": "VCID-wwk8-bpv8-zyhh", "summary": "Mozilla developer Ehsan Akhgari reported that a\nfunction used to load external libraries on Windows platforms was\nusing a relative path to a DLL-loading application and was thus\nvulnerable to binary planting if an attacker was able to place an\nexecutable of the same name in the current working directory or any of\nthe other locations that Windows searches for executables.Dmitri Gribenko reported that the script used to\nlaunch Mozilla applications on Linux was effectively including the\ncurrent working directory in the LD_LIBRARY_PATH\nenvironment variable. If an attacker was able to place into the\ncurrent working directory a malicious shared library with the same\nname as a library that the bootstrapping script depends on the\nattacker could have their library loaded instead of the legitimate\nlibrary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23338", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "reference_id": "642300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182", "reference_id": "CVE-2010-3182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-71", "reference_id": "mfsa2010-71", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-71" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwk8-bpv8-zyhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2226?format=api", "vulnerability_id": "VCID-x444-96ea-pfc4", "summary": "Security researcher Mariusz Mlynski reported that an\nattacker able to convince a potential victim to set a new home page by dragging\na link to the \"home\" button can set that user's home page to a\njavascript: URL. Once this is done the attacker's page can cause\nrepeated crashes of the browser, eventually getting the script URL loaded in the\nprivileged about:sessionrestore context.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.8421", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0458" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803113", "reference_id": "803113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458", "reference_id": "CVE-2012-0458", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-16", "reference_id": "mfsa2012-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0458" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x444-96ea-pfc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71633?format=api", "vulnerability_id": "VCID-x6pd-2arc-gqdq", "summary": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03832", "scoring_system": "epss", "scoring_elements": "0.88348", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389" }, { "reference_url": "https://curl.se/docs/CVE-2011-3389.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2011-3389.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506", "reference_id": "737506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "reference_url": "https://security.gentoo.org/glsa/201111-02", "reference_id": "GLSA-201111-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-02" }, { "reference_url": "https://security.gentoo.org/glsa/201203-02", "reference_id": "GLSA-201203-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-02" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1380", "reference_id": "RHSA-2011:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1384", "reference_id": "RHSA-2011:1384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0006", "reference_id": "RHSA-2012:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0034", "reference_id": "RHSA-2012:0034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0343", "reference_id": "RHSA-2012:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0508", "reference_id": "RHSA-2012:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1455", "reference_id": "RHSA-2013:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1455" }, { "reference_url": "https://usn.ubuntu.com/1263-1/", "reference_id": "USN-1263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1263-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6pd-2arc-gqdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2873?format=api", "vulnerability_id": "VCID-x7qs-rmew-4qe3", "summary": "Mozilla security researcher David Chan reported\nthat cookies set for example.com. (note the trailing dot)\nand example.com were treated as interchangeable. This is\na violation of same-origin conventions and could potentially lead to\nleakage of cookie data to the wrong party.This issue did not affect Firefox 4, SeaMonkey 2.1, or newer\nMozilla-based products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01226", "scoring_system": "epss", "scoring_elements": "0.79438", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714583", "reference_id": "714583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362", "reference_id": "CVE-2011-2362", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-24", "reference_id": "mfsa2011-24", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2362" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7qs-rmew-4qe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2641?format=api", "vulnerability_id": "VCID-xe95-tcad-cyhu", "summary": "Mozilla security researcher Georgi Guninski reported\nthat the fix for an earlier vulnerability reported by Liu Die Yu using local\ninternet shortcut files to access other sites\n(MFSA 2008-47) could be bypassed\nby redirecting to a privileged about: URI such as\nabout:plugins.\nIf an attacker could get a victim to\ndownload two files, a malicious HTML file and a .desktop shortcut\nfile, they could have the HTML document load a privileged chrome document\nvia the shortcut and both documents would be treated as same origin.\nThis vulnerability could potentially be used by an attacker to inject\narbitrary code into the chrome document and execute with chrome\nprivileges. Because this attack has relatively high complexity, the\nseverity of this issue was determined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00909", "scoring_system": "epss", "scoring_elements": "0.76132", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0356" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483144", "reference_id": "483144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356", "reference_id": "CVE-2009-0356", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-04", "reference_id": "mfsa2009-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0356" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xe95-tcad-cyhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2403?format=api", "vulnerability_id": "VCID-xh5q-bfkr-guep", "summary": "Security researcher Collin Jackson reported that\nthe -moz-binding CSS property can be used to bypass security checks\nwhich validate codebase principals. Similar to the issue reported\nin MFSA 2008-23, Jackson demonstrated\nthat an attacker can replace a stylesheet in a signed JAR which uses\nrelative paths, and can then use the -moz-binding property to inject\nmalicious script into the JAR. The injected script will be executed\nwith the privileges of the signed JAR. This vulnerability can thus\nallow an attacker to run arbitrary JavaScript within the context of\nanother site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1839", "scoring_system": "epss", "scoring_elements": "0.95341", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470898", "reference_id": "470898", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023", "reference_id": "CVE-2008-5023", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-57", "reference_id": "mfsa2008-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5023" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xh5q-bfkr-guep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2334?format=api", "vulnerability_id": "VCID-xhfm-9dtr-63cj", "summary": "Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07333", "scoring_system": "epss", "scoring_elements": "0.91811", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0457" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116", "reference_id": "803116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457", "reference_id": "CVE-2012-0457", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14", "reference_id": "mfsa2012-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0457" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhfm-9dtr-63cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2147?format=api", "vulnerability_id": "VCID-xj7k-fek3-gbhh", "summary": "Mozilla developer Vladimir Vukicevic reported that\na canvas element can be used to read data from another site, violating\nthe same-origin policy. The read restriction placed on a canvas\nelement which has had cross-origin data rendered into it can be\nbypassed by retaining a reference to the canvas element's context and\ndeleting the associated canvas node from the DOM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62303", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615472", "reference_id": "615472", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207", "reference_id": "CVE-2010-1207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43", "reference_id": "mfsa2010-43", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj7k-fek3-gbhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2453?format=api", "vulnerability_id": "VCID-xt9w-ahy8-bfb6", "summary": "Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02832", "scoring_system": "epss", "scoring_elements": "0.86427", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=464041", "reference_id": "464041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070", "reference_id": "CVE-2008-4070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-46", "reference_id": "mfsa2008-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-4070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xt9w-ahy8-bfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2871?format=api", "vulnerability_id": "VCID-xtst-5kbr-fba9", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04198", "scoring_system": "epss", "scoring_elements": "0.88907", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997", "reference_id": "CVE-2011-2997", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2997" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtst-5kbr-fba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2224?format=api", "vulnerability_id": "VCID-xvw5-jd6a-9ff3", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83329", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920", "reference_id": "851920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968", "reference_id": "CVE-2012-3968", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-3968" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvw5-jd6a-9ff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2628?format=api", "vulnerability_id": "VCID-xwn1-qre7-k7cc", "summary": "Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way. This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page. An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64461", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546726", "reference_id": "546726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985", "reference_id": "CVE-2009-3985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69", "reference_id": "mfsa2009-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwn1-qre7-k7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2215?format=api", "vulnerability_id": "VCID-xyfx-jjk2-3bff", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the implementation of\nthe window.navigator.plugins object. When a page\nreloads, the plugins array would reallocate all of its members without\nchecking for existing references to each member. This could result in\nthe deletion of objects for which valid pointers still exist. An\nattacker could use this vulnerability to crash a victim's browser and\nrun arbitrary code on the victim's machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91381", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152", "reference_id": "578152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177", "reference_id": "CVE-2010-0177", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19", "reference_id": "mfsa2010-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0177" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xyfx-jjk2-3bff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2214?format=api", "vulnerability_id": "VCID-y2ky-dg41-yqfe", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02028", "scoring_system": "epss", "scoring_elements": "0.84071", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615456", "reference_id": "615456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212", "reference_id": "CVE-2010-1212", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34", "reference_id": "mfsa2010-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2ky-dg41-yqfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71053?format=api", "vulnerability_id": "VCID-y3by-ejzy-y7g4", "summary": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.82823", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3101" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://security.gentoo.org/glsa/201205-03", "reference_id": "GLSA-201205-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201205-03" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3101" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3by-ejzy-y7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2163?format=api", "vulnerability_id": "VCID-y5e5-wa84-j3bz", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03502", "scoring_system": "epss", "scoring_elements": "0.87812", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165", "reference_id": "CVE-2010-0165", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0165" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5e5-wa84-j3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2270?format=api", "vulnerability_id": "VCID-y5rs-pd7w-m3ce", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80447", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194", "reference_id": "CVE-2012-4194", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", "reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4194" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5rs-pd7w-m3ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2180?format=api", "vulnerability_id": "VCID-y6rz-xqjf-wfdn", "summary": "Security researcher Soroush Dalili reported that\npotentially sensitive URL parameters could be leaked across domains\nupon script errors when the script filename and line number is\nincluded in the error message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62303", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488", "reference_id": "615488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754", "reference_id": "CVE-2010-2754", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47", "reference_id": "mfsa2010-47", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2754" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6rz-xqjf-wfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2145?format=api", "vulnerability_id": "VCID-y6vr-xak2-5ufg", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90088", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1203" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816", "reference_id": "590816", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203", "reference_id": "CVE-2010-1203", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6vr-xak2-5ufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2588?format=api", "vulnerability_id": "VCID-y8wr-ds4z-gfc2", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the owner document of an element can become null after garbage\ncollection. In such cases, event listeners may be executed within the\nwrong JavaScript context. An attacker could potentially use this\nvulnerability to have a malicious event handler execute arbitrary\nJavaScript with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04629", "scoring_system": "epss", "scoring_elements": "0.89444", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580", "reference_id": "503580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838", "reference_id": "CVE-2009-1838", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29", "reference_id": "mfsa2009-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1838" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8wr-ds4z-gfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2606?format=api", "vulnerability_id": "VCID-ycjq-pc6z-b7d2", "summary": "IOActive security researcher Dan Kaminsky reported a\nmismatch in the treatment of domain names in SSL certificates between SSL\nclients and the Certificate Authorities (CA) which issue server certificates.\nIn particular, if a malicious person requested a certificate for a host name\nwith an invalid null character in it most CAs would issue the\ncertificate if the requester owned the domain specified after the null, while\nmost SSL clients (browsers) ignored that part of the name and used the\nunvalidated part in front of the null. This made it possible for attackers to\nobtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted\ncommunication between the client and a server such as sensitive bank\naccount transactions.This vulnerability was independently reported to us by researcher\nMoxie Marlinspike who also noted that since Firefox\nrelies on SSL to protect the integrity of security updates this attack\ncould be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability\nResearch team for coordinating a multiple-vendor response to this problem.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01855", "scoring_system": "epss", "scoring_elements": "0.83342", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251", "reference_id": "510251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934", "reference_id": "539934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408", "reference_id": "CVE-2009-2408", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-42", "reference_id": "mfsa2009-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1184", "reference_id": "RHSA-2009:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1186", "reference_id": "RHSA-2009:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1190", "reference_id": "RHSA-2009:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1207", "reference_id": "RHSA-2009:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://usn.ubuntu.com/810-1/", "reference_id": "USN-810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2408" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycjq-pc6z-b7d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2201?format=api", "vulnerability_id": "VCID-yd45-93fw-13df", "summary": "Mozilla security researcher Georgi Guninski\nreported that when a SVG document which is served\nwith Content-Type: application/octet-stream is embedded\ninto another document via an <embed> tag\nwith type=\"image/svg+xml\", the Content-Type is ignored\nand the SVG document is processed normally. A website which allows\narbitrary binary data to be uploaded but which relies\non Content-Type: application/octet-stream to prevent\nscript execution could have such protection bypassed. An attacker\ncould upload a SVG document containing JavaScript as a binary file to\na website, embed the SVG document into a malicious page on another\nsite, and gain access to the script environment from the SVG-serving\nsite, bypassing the same-origin policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78394", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566052", "reference_id": "566052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162", "reference_id": "CVE-2010-0162", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05", "reference_id": "mfsa2010-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0162" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yd45-93fw-13df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2584?format=api", "vulnerability_id": "VCID-ye7n-9kgr-mqc9", "summary": "One of the security fixes in Firefox 3.0.9 introduced a\nregression that caused some users to experience frequent crashes.\nUsers of the HTML Validator add-on were particularly affected, but\nother users also experienced this crash in some situations.\nIn analyzing this crash we discovered that it was due to memory\ncorruption similar to cases that have been identified as security\nvulnerabilities in the past.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32166", "scoring_system": "epss", "scoring_elements": "0.96912", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1313" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=497447", "reference_id": "497447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313", "reference_id": "CVE-2009-1313", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html", "reference_id": "CVE-2009-1313;OSVDB-54174", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html" }, { "reference_url": "https://www.securityfocus.com/bid/34743/info", "reference_id": "CVE-2009-1313;OSVDB-54174", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/34743/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-23", "reference_id": "mfsa2009-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0449", "reference_id": "RHSA-2009:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0449" }, { "reference_url": "https://usn.ubuntu.com/765-1/", "reference_id": "USN-765-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/765-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1313" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye7n-9kgr-mqc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2798?format=api", "vulnerability_id": "VCID-yedg-weex-wqgh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06835", "scoring_system": "epss", "scoring_elements": "0.91482", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989", "reference_id": "CVE-2011-2989", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-2989" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yedg-weex-wqgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2605?format=api", "vulnerability_id": "VCID-yh2k-hmgj-c3h8", "summary": "Security researcher Gregory Fleischer reported\nthat text within a selection on a web page can be read by JavaScript\nin a different domain using the document.getSelection\nfunction, violating the same-origin policy. Since this vulnerability\nrequires user interaction to exploit, its severity was determined to\nbe moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64481", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530167", "reference_id": "530167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375", "reference_id": "CVE-2009-3375", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61", "reference_id": "mfsa2009-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yh2k-hmgj-c3h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2137?format=api", "vulnerability_id": "VCID-yh3u-9dtq-4qeu", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XMLHttpRequestSpy module in the Firebug add-on was exposing\nan underlying chrome privilege escalation vulnerability. When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. This could result in an attacker running arbitrary\nJavaScript on a victim's machine, though it required the victim to\nhave Firebug installed, so the overall severity of the issue was\ndetermined to be High.This vulnerability does not affect Firefox 3.6", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00723", "scoring_system": "epss", "scoring_elements": "0.72851", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578155", "reference_id": "578155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179", "reference_id": "CVE-2010-0179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21", "reference_id": "mfsa2010-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0179" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yh3u-9dtq-4qeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88959?format=api", "vulnerability_id": "VCID-yn1g-pbm8-mybp", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65544", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4508" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-4508" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn1g-pbm8-mybp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2143?format=api", "vulnerability_id": "VCID-yn2w-7p56-y7fe", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04587", "scoring_system": "epss", "scoring_elements": "0.89397", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608108", "reference_id": "608108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608108" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201", "reference_id": "CVE-2010-1201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn2w-7p56-y7fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2184?format=api", "vulnerability_id": "VCID-yrjj-qpxp-hfbv", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05098", "scoring_system": "epss", "scoring_elements": "0.89965", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778", "reference_id": "CVE-2010-3778", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-3778" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjj-qpxp-hfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2639?format=api", "vulnerability_id": "VCID-ywsg-yvdy-wkb6", "summary": "Security researcher Attila Suszter reported that\nwhen a page contains a Flash object which presents a slow script\ndialog, and the page is navigated while the dialog is still visible to\nthe user, the Flash plugin is unloaded resulting in a crash due to a\ncall to the deleted object. This crash could potentially be used by\nan attacker to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05189", "scoring_system": "epss", "scoring_elements": "0.9006", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512137", "reference_id": "512137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467", "reference_id": "CVE-2009-2467", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-35", "reference_id": "mfsa2009-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2467" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywsg-yvdy-wkb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2416?format=api", "vulnerability_id": "VCID-yy1m-2bvc-hbc1", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities in feedWriter which allow scripts from page\ncontent to run with chrome privileges.Firefox 3 is not affected by this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02943", "scoring_system": "epss", "scoring_elements": "0.86677", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463188", "reference_id": "463188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463188" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836", "reference_id": "CVE-2008-3836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-39", "reference_id": "mfsa2008-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-39" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-3836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy1m-2bvc-hbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2875?format=api", "vulnerability_id": "VCID-yy5w-b7b7-ybd1", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04425", "scoring_system": "epss", "scoring_elements": "0.89201", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651", "reference_id": "CVE-2011-3651", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3651" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy5w-b7b7-ybd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2405?format=api", "vulnerability_id": "VCID-z5zp-5nv7-gkgp", "summary": "Kojima Hajime reported that unlike literal null\ncharacters which were handled correctly, the escaped form '\\0'\nwas ignored by the CSS parser and treated as if it was not present in\nthe CSS input string. This issue could potentially be used to bypass\nscript sanitization routines in web applications. The severity of\nthis issue was determined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77489", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5510" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476283", "reference_id": "476283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510", "reference_id": "CVE-2008-5510", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-67", "reference_id": "mfsa2008-67", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-67" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/717-3/", "reference_id": "USN-717-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5510" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z5zp-5nv7-gkgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2172?format=api", "vulnerability_id": "VCID-z6en-1gzy-6ffc", "summary": "phpBB developer Henry Sudhof reported that when an\nimage tag points to a resource that redirects to\na mailto: URL, the external mail handler application is\nlaunched. This issue poses no security threat to users but could\ncreate an annoyance when browsing a site that allows users to post\narbitrary images.This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181", "reference_id": "CVE-2010-0181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23", "reference_id": "mfsa2010-23", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-0181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z6en-1gzy-6ffc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88955?format=api", "vulnerability_id": "VCID-z7p6-x5jx-97cr", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56818", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-2061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7p6-x5jx-97cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2646?format=api", "vulnerability_id": "VCID-zbug-3a8h-tfbv", "summary": "Developer and Mozilla community member Paolo\nAmadini reported that when saving the inner frame of a web\npage as a file when the outer page has POST data associated with it,\nthe POST data will be incorrectly sent to the URL of the inner frame.\nThis could potentially result in a user's sensitive data being sent to\na site for which it was not intended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.79019", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496271", "reference_id": "496271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311", "reference_id": "CVE-2009-1311", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-21", "reference_id": "mfsa2009-21", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-1311" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbug-3a8h-tfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88951?format=api", "vulnerability_id": "VCID-zdjb-aut8-rbeb", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.75084", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0367" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-0367" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdjb-aut8-rbeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2388?format=api", "vulnerability_id": "VCID-zee6-uc6n-4kck", "summary": "Security Researcher Mike Brooks of Sitewatch reported that\nif multiple Content Security Policy (CSP) headers are present on a page, they\nhave an additive effect page policy. Using carriage return line feed (CRLF)\ninjection, a new CSP rule can be introduced which allows for cross-site\nscripting (XSS) on sites with a separate header injection vulnerability.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43362", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803114", "reference_id": "803114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451", "reference_id": "CVE-2012-0451", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-15", "reference_id": "mfsa2012-15", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-0451" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zee6-uc6n-4kck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2233?format=api", "vulnerability_id": "VCID-zejg-gepa-yqaf", "summary": "Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to \"top\". This can allow for possible cross-site scripting (XSS) attacks through plugins. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84205", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632", "reference_id": "877632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209", "reference_id": "CVE-2012-4209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103", "reference_id": "mfsa2012-103", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2012-4209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zejg-gepa-yqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2839?format=api", "vulnerability_id": "VCID-zey8-rnp8-7yh9", "summary": "David Rees reported that the JSSubScriptLoader (a\nfeature used by some add-ons) was \"unwrapping\" XPCNativeWrappers when they\nwere used as the scope parameter to loadSubScript(). Without\nthe protection of the wrappers the add-on could be vulnerable to privilege\nescalation attacks from malicious web content. Whether any given add-on\nwere vulnerable would depend on how the add-on used the feature\nand whether it interacted directly with web content, but we did find\nat least one vulnerable add-on and presume there are more.\nThe unwrapping behavior was a change introduced during Firefox 4\ndevelopment. Firefox 3.6 and earlier versions are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54651", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751930", "reference_id": "751930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004", "reference_id": "CVE-2011-3004", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-43", "reference_id": "mfsa2011-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-43" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3004" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zey8-rnp8-7yh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2350?format=api", "vulnerability_id": "VCID-zgcc-resp-k3h5", "summary": "For historical reasons Firefox has been generous in its interpretation of web\naddresses containing square brackets around the host. If this host was not a\nvalid IPv6 literal address, Firefox attempted to interpret the host as a regular\ndomain name. Gregory Fleischer reported that requests made\nusing IPv6 syntax using XMLHttpRequest objects through a proxy may generate\nerrors depending on proxy configuration for IPv6. The resulting error messages\nfrom the proxy may disclose sensitive data because Same-Origin Policy (SOP) will\nallow the XMLHttpRequest object to read these error messages, allowing user\nprivacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that\nmay break links written using the non-standard Firefox-only forms that were\npreviously accepted.\nThis was fixed previously for Firefox 7.0, Thunderbird 7.0, and\nSeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during\n2012.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72882", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785464", "reference_id": "785464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670", "reference_id": "CVE-2011-3670", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-02", "reference_id": "mfsa2012-02", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0084", "reference_id": "RHSA-2012:0084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0085", "reference_id": "RHSA-2012:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0085" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-3670" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgcc-resp-k3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2439?format=api", "vulnerability_id": "VCID-zhdz-2jas-bbaj", "summary": "Google security researcher Chris Evans reported that a\nwebsite could access a limited amount of data from a different domain by\nloading a same-domain JavaScript URL which redirects to an off-domain\ntarget resource containing data\nwhich is not parsable as JavaScript. Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the file\ncontext via the window.onerror DOM API.This issue could be used by a malicious website to steal private data\nfrom users who are authenticated on the redirected website. How much\ndata could be at risk would depend on the format of the data and how\nthe JavaScript parser attempts to interpret it. For most files the\namount of data that can be recovered would be limited to the first\nword or two. Some data files might allow deeper probing with\nrepeated loads.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.Update December 18, 2008: The Windows version of Firefox\n2.0.0.19 was shipped without the fix for this issue (other platforms\nwere correctly patched). Firefox 2.0.0.20 has been released on Windows\nto correct this oversight.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44096", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5507" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476280", "reference_id": "476280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507", "reference_id": "CVE-2008-5507", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-65", "reference_id": "mfsa2008-65", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2008-5507" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhdz-2jas-bbaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=api", "vulnerability_id": "VCID-znvx-aqbr-2yck", "summary": "Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue. Firefox 3 does not contain the fix for this issue.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "reference_url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "reference_url": "http://blogs.iss.net/archive/sslmitmiscsrf.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "reference_url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "reference_url": "http://clicky.me/tlsvuln", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://clicky.me/tlsvuln" }, { "reference_url": "http://extendedsubset.com/?p=8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://extendedsubset.com/?p=8" }, { "reference_url": "http://extendedsubset.com/Renegotiating_TLS.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "reference_url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "reference_url": "http://kbase.redhat.com/faq/docs/DOC-20491", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "reference_url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "reference_url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" }, { "reference_url": "http://marc.info/?l=cryptography&m=125752275331877&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=cryptography&m=125752275331877&w=2" }, { "reference_url": "http://openbsd.org/errata45.html#010_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "reference_url": "http://openbsd.org/errata46.html#004_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1579", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1580", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1694", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0165", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0337", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0338", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0339", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0440", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0768", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0770", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0786", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0786" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0807", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0986", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0987", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2011:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1591", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1591" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03741", "scoring_system": "epss", "scoring_elements": "0.88206", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "reference_url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "reference_url": "http://seclists.org/fulldisclosure/2009/Nov/139", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200912-01.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201203-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5" }, { "reference_url": "https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d" }, { "reference_url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3" }, { "reference_url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701" }, { "reference_url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02" }, { "reference_url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3" }, { "reference_url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d" }, { "reference_url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366" }, { "reference_url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "reference_url": "https://kb.bluecoat.com/index?page=content&id=SA50", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://kb.bluecoat.com/index?page=content&id=SA50" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446" }, { "reference_url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.cve-2009-3555.txt" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535" }, { "reference_url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "reference_url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "reference_url": "https://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-5.html" }, { "reference_url": "https://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-6.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "reference_url": "http://support.apple.com/kb/HT4004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4004" }, { "reference_url": "http://support.apple.com/kb/HT4170", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4170" }, { "reference_url": "http://support.apple.com/kb/HT4171", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4171" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100070150", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100081611", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114315", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114327", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "reference_url": "http://support.citrix.com/article/CTX123359", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.citrix.com/article/CTX123359" }, { "reference_url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "reference_url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "reference_url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "reference_url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "reference_url": "http://ubuntu.com/usn/usn-923-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "reference_url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "reference_url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only" }, { "reference_url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "reference_url": "http://www.betanews.com/article/1257452450", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.betanews.com/article/1257452450" }, { "reference_url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2141", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3253", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "reference_url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "reference_url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "reference_url": "http://www.ingate.com/Relnote.php?ver=481", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "reference_url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "reference_url": "http://www.kb.cert.org/vuls/id/120541", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "reference_url": "http://www.links.org/?p=780", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=780" }, { "reference_url": "http://www.links.org/?p=786", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=786" }, { "reference_url": "http://www.links.org/?p=789", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=789" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "reference_url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "reference_url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "reference_url": "http://www.openssl.org/news/secadv_20091111.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/07/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/23/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "reference_url": "http://www.opera.com/docs/changelogs/unix/1060", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/docs/changelogs/unix/1060" }, { "reference_url": "http://www.opera.com/support/search/view/944", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/support/search/view/944" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "reference_url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "reference_url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "reference_url": "http://www.tombom.co.uk/blog/?p=85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1010-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "reference_url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0032", "reference_id": "0032", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0033", "reference_id": "0033", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0086", "reference_id": "0086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0086", "reference_id": "0086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0173", "reference_id": "0173", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0748", "reference_id": "0748", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0848", "reference_id": "0848", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0916", "reference_id": "0916", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0933", "reference_id": "0933", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0982", "reference_id": "0982", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0994", "reference_id": "0994", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1054", "reference_id": "1054", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "reference_url": "http://www.opera.com/docs/changelogs/unix/1060/", "reference_id": "1060", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1191", "reference_id": "1191", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1350", "reference_id": "1350", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1639", "reference_id": "1639", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1673", "reference_id": "1673", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1793", "reference_id": "1793", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2010", "reference_id": "2010", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2745", "reference_id": "2745", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3069", "reference_id": "3069", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3086", "reference_id": "3086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3126", "reference_id": "3126", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3164", "reference_id": "3164", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3165", "reference_id": "3165", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3205", "reference_id": "3205", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3220", "reference_id": "3220", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3310", "reference_id": "3310", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3313", "reference_id": "3313", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3353", "reference_id": "3353", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3354", "reference_id": "3354", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3484", "reference_id": "3484", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3521", "reference_id": "3521", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3587", "reference_id": "3587", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "reference_url": "http://www.securityfocus.com/bid/36935", "reference_id": "36935", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/bid/36935" }, { "reference_url": "http://secunia.com/advisories/37291", "reference_id": "37291", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37291" }, { "reference_url": "http://secunia.com/advisories/37292", "reference_id": "37292", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37292" }, { "reference_url": "http://secunia.com/advisories/37320", "reference_id": "37320", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37320" }, { "reference_url": "http://secunia.com/advisories/37383", "reference_id": "37383", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37383" }, { "reference_url": "http://secunia.com/advisories/37399", "reference_id": "37399", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37399" }, { "reference_url": "http://secunia.com/advisories/37453", "reference_id": "37453", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37453" }, { "reference_url": "http://secunia.com/advisories/37501", "reference_id": "37501", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37501" }, { "reference_url": "http://secunia.com/advisories/37504", "reference_id": "37504", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37504" }, { "reference_url": "http://secunia.com/advisories/37604", "reference_id": "37604", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37604" }, { "reference_url": "http://secunia.com/advisories/37640", "reference_id": "37640", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37640" }, { "reference_url": "http://secunia.com/advisories/37656", "reference_id": "37656", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37656" }, { "reference_url": "http://secunia.com/advisories/37675", "reference_id": "37675", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37675" }, { "reference_url": "http://secunia.com/advisories/37859", "reference_id": "37859", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37859" }, { "reference_url": "http://secunia.com/advisories/38003", "reference_id": "38003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38003" }, { "reference_url": "http://secunia.com/advisories/38020", "reference_id": "38020", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38020" }, { "reference_url": "http://secunia.com/advisories/38056", "reference_id": "38056", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38056" }, { "reference_url": "http://secunia.com/advisories/38241", "reference_id": "38241", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38241" }, { "reference_url": "http://secunia.com/advisories/38484", "reference_id": "38484", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38484" }, { "reference_url": "http://secunia.com/advisories/38687", "reference_id": "38687", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38687" }, { "reference_url": "http://secunia.com/advisories/38781", "reference_id": "38781", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38781" }, { "reference_url": "http://secunia.com/advisories/39127", "reference_id": "39127", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39127" }, { "reference_url": "http://secunia.com/advisories/39136", "reference_id": "39136", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39136" }, { "reference_url": "http://secunia.com/advisories/39242", "reference_id": "39242", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39242" }, { "reference_url": "http://secunia.com/advisories/39243", "reference_id": "39243", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39243" }, { "reference_url": "http://secunia.com/advisories/39278", "reference_id": "39278", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39278" }, { "reference_url": "http://secunia.com/advisories/39292", "reference_id": "39292", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39292" }, { "reference_url": "http://secunia.com/advisories/39317", "reference_id": "39317", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39317" }, { "reference_url": "http://secunia.com/advisories/39461", "reference_id": "39461", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39461" }, { "reference_url": "http://secunia.com/advisories/39500", "reference_id": "39500", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39500" }, { "reference_url": "http://secunia.com/advisories/39628", "reference_id": "39628", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39628" }, { "reference_url": "http://secunia.com/advisories/39632", "reference_id": "39632", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39632" }, { "reference_url": "http://secunia.com/advisories/39713", "reference_id": "39713", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39713" }, { "reference_url": "http://secunia.com/advisories/39819", "reference_id": "39819", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39819" }, { "reference_url": "http://secunia.com/advisories/40070", "reference_id": "40070", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40070" }, { "reference_url": "http://secunia.com/advisories/40545", "reference_id": "40545", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40545" }, { "reference_url": "http://secunia.com/advisories/40747", "reference_id": "40747", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40747" }, { "reference_url": "http://secunia.com/advisories/40866", "reference_id": "40866", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40866" }, { "reference_url": "http://secunia.com/advisories/41480", "reference_id": "41480", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41480" }, { "reference_url": "http://secunia.com/advisories/41490", "reference_id": "41490", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41490" }, { "reference_url": "http://secunia.com/advisories/41818", "reference_id": "41818", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41818" }, { "reference_url": "http://secunia.com/advisories/41967", "reference_id": "41967", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41967" }, { "reference_url": "http://secunia.com/advisories/41972", "reference_id": "41972", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41972" }, { "reference_url": "http://secunia.com/advisories/42377", "reference_id": "42377", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42377" }, { "reference_url": "http://secunia.com/advisories/42379", "reference_id": "42379", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42379" }, { "reference_url": "http://secunia.com/advisories/42467", "reference_id": "42467", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42467" }, { "reference_url": "http://secunia.com/advisories/42724", "reference_id": "42724", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42724" }, { "reference_url": "http://secunia.com/advisories/42733", "reference_id": "42733", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42733" }, { "reference_url": "http://secunia.com/advisories/42808", "reference_id": "42808", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42808" }, { "reference_url": "http://secunia.com/advisories/42811", "reference_id": "42811", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42811" }, { "reference_url": "http://secunia.com/advisories/42816", "reference_id": "42816", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42816" }, { "reference_url": "http://secunia.com/advisories/43308", "reference_id": "43308", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/43308" }, { "reference_url": "http://secunia.com/advisories/44954", "reference_id": "44954", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/44954" }, { "reference_url": "http://secunia.com/advisories/48577", "reference_id": "48577", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/48577" }, { "reference_url": "http://www.securityfocus.com/archive/1/522176", "reference_id": "522176", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "reference_url": "http://osvdb.org/60521", "reference_id": "60521", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/60521" }, { "reference_url": "http://osvdb.org/60972", "reference_id": "60972", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/60972" }, { "reference_url": "http://osvdb.org/62210", "reference_id": "62210", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/62210" }, { "reference_url": "http://osvdb.org/65202", "reference_id": "65202", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/65202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649", "reference_id": "765649", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649" }, { "reference_url": "http://www.opera.com/support/search/view/944/", "reference_id": "944", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.opera.com/support/search/view/944/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555", "reference_id": "CVE-2009-3555", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py", "reference_id": "CVE-2009-3555", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35888/info", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35888/info" }, { "reference_url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E", "reference_id": "f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6", "reference_id": "GHSA-f7w7-6pjc-wwm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6" }, { "reference_url": "https://security.gentoo.org/glsa/200912-01", "reference_id": "GLSA-200912-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-01" }, { "reference_url": "https://security.gentoo.org/glsa/201006-18", "reference_id": "GLSA-201006-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201006-18" }, { "reference_url": "https://security.gentoo.org/glsa/201110-05", "reference_id": "GLSA-201110-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-05" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" }, { "reference_url": "https://security.gentoo.org/glsa/201206-18", "reference_id": "GLSA-201206-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-18" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201309-15", "reference_id": "GLSA-201309-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-15" }, { "reference_url": "https://security.gentoo.org/glsa/201311-13", "reference_id": "GLSA-201311-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-13" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "http://securitytracker.com/id?1023148", "reference_id": "id?1023148", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://securitytracker.com/id?1023148" }, { "reference_url": "http://www.securitytracker.com/id?1023163", "reference_id": "id?1023163", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023163" }, { "reference_url": "http://www.securitytracker.com/id?1023204", "reference_id": "id?1023204", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023204" }, { "reference_url": "http://www.securitytracker.com/id?1023205", "reference_id": "id?1023205", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023205" }, { "reference_url": "http://www.securitytracker.com/id?1023206", "reference_id": "id?1023206", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023206" }, { "reference_url": "http://www.securitytracker.com/id?1023207", "reference_id": "id?1023207", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023207" }, { "reference_url": "http://www.securitytracker.com/id?1023208", "reference_id": "id?1023208", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023208" }, { "reference_url": "http://www.securitytracker.com/id?1023209", "reference_id": "id?1023209", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023209" }, { "reference_url": "http://www.securitytracker.com/id?1023210", "reference_id": "id?1023210", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023210" }, { "reference_url": "http://www.securitytracker.com/id?1023211", "reference_id": "id?1023211", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023211" }, { "reference_url": "http://www.securitytracker.com/id?1023212", "reference_id": "id?1023212", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023212" }, { "reference_url": "http://www.securitytracker.com/id?1023213", "reference_id": "id?1023213", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023213" }, { "reference_url": "http://www.securitytracker.com/id?1023214", "reference_id": "id?1023214", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023214" }, { "reference_url": "http://www.securitytracker.com/id?1023215", "reference_id": "id?1023215", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023215" }, { "reference_url": "http://www.securitytracker.com/id?1023216", "reference_id": "id?1023216", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023216" }, { "reference_url": "http://www.securitytracker.com/id?1023217", "reference_id": "id?1023217", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023217" }, { "reference_url": "http://www.securitytracker.com/id?1023218", "reference_id": "id?1023218", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023218" }, { "reference_url": "http://www.securitytracker.com/id?1023219", "reference_id": "id?1023219", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023219" }, { "reference_url": "http://www.securitytracker.com/id?1023224", "reference_id": "id?1023224", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023224" }, { "reference_url": "http://www.securitytracker.com/id?1023243", "reference_id": "id?1023243", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023243" }, { "reference_url": "http://www.securitytracker.com/id?1023270", "reference_id": "id?1023270", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023270" }, { "reference_url": "http://www.securitytracker.com/id?1023271", "reference_id": "id?1023271", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023271" }, { "reference_url": "http://www.securitytracker.com/id?1023272", "reference_id": "id?1023272", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023272" }, { "reference_url": "http://www.securitytracker.com/id?1023273", "reference_id": "id?1023273", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023273" }, { "reference_url": "http://www.securitytracker.com/id?1023274", "reference_id": "id?1023274", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023274" }, { "reference_url": "http://www.securitytracker.com/id?1023275", "reference_id": "id?1023275", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023275" }, { "reference_url": "http://www.securitytracker.com/id?1023411", "reference_id": "id?1023411", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023411" }, { "reference_url": "http://www.securitytracker.com/id?1023426", "reference_id": "id?1023426", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023426" }, { "reference_url": "http://www.securitytracker.com/id?1023427", "reference_id": "id?1023427", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023427" }, { "reference_url": "http://www.securitytracker.com/id?1023428", "reference_id": "id?1023428", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023428" }, { "reference_url": "http://www.securitytracker.com/id?1024789", "reference_id": "id?1024789", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1024789" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22", "reference_id": "mfsa2010-22", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A10088", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A11578", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A11617", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7315", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7478", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7973", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A8366", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A8535", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "reference_url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", "reference_id": "plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "reference_url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E", "reference_id": "re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/1010-1/", "reference_id": "USN-1010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1010-1/" }, { "reference_url": "https://usn.ubuntu.com/860-1/", "reference_id": "USN-860-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/860-1/" }, { "reference_url": "https://usn.ubuntu.com/923-1/", "reference_id": "USN-923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/923-1/" }, { "reference_url": "https://usn.ubuntu.com/927-1/", "reference_id": "USN-927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-1/" }, { "reference_url": "https://usn.ubuntu.com/927-4/", "reference_id": "USN-927-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-4/" }, { "reference_url": "https://usn.ubuntu.com/927-6/", "reference_id": "USN-927-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-6/" }, { "reference_url": "https://usn.ubuntu.com/990-1/", "reference_id": "USN-990-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-1/" }, { "reference_url": "https://usn.ubuntu.com/990-2/", "reference_id": "USN-990-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-3555", "GHSA-f7w7-6pjc-wwm6", "VU#120541" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znvx-aqbr-2yck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2138?format=api", "vulnerability_id": "VCID-zp33-mbkb-aydv", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. This integer is later used in allocating a memory buffer used\nto store the plugin parameters. Under such conditions, too small a\nbuffer would be created and attacker-controlled data could be written\npast the end of the buffer, potentially resulting in code\nexecution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0734", "scoring_system": "epss", "scoring_elements": "0.91814", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1214" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462", "reference_id": "615462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214", "reference_id": "CVE-2010-1214", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py", "reference_id": "CVE-2010-1214", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt", "reference_id": "CVE-2010-1214;OSVDB-66594", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41842/info", "reference_id": "CVE-2010-1214;OSVDB-66594", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/41842/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37", "reference_id": "mfsa2010-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-1214" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zp33-mbkb-aydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2120?format=api", "vulnerability_id": "VCID-ztea-k4bh-bug9", "summary": "Security researchers David Huang\nand Collin Jackson of Carnegie Mellon University\nCyLab (Silicon Valley campus) reported that the type\nattribute of an <object> tag can override the charset of a\nframed HTML document, even when the document is included across\norigins. A page could be constructed containing such an\n<object> tag which sets the charset of the framed document to\nUTF-7. This could potentially allow an attacker to inject UTF-7\nencoded JavaScript into a site, bypassing the site's XSS filters, and\nthen executing the code using the above technique.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73827", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630074", "reference_id": "630074", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768", "reference_id": "CVE-2010-2768", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61", "reference_id": "mfsa2010-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2010-2768" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztea-k4bh-bug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2842?format=api", "vulnerability_id": "VCID-zxps-xjq5-qyha", "summary": "Security researcher Paul Stone reported that a\nJava applet could be used to mimic interaction with form autocomplete\ncontrols and steal entries from the form history.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67114", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644", "reference_id": "700644", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067", "reference_id": "CVE-2011-0067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14", "reference_id": "mfsa2011-14", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2011-0067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxps-xjq5-qyha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2608?format=api", "vulnerability_id": "VCID-zy16-tskh-aka5", "summary": "Developer and Mozilla community member Wladimir Palant\nreported that cookies marked HTTPOnly were readable by JavaScript via\nthe XMLHttpRequest.getResponseHeader and \nXMLHttpRequest.getAllResponseHeaders APIs. This vulnerability\nbypasses the security mechanism provided by the HTTPOnly flag which\nintends to restrict JavaScript access to document.cookie.The fix prevents the XMLHttpRequest feature from accessing the\nSet-Cookie and Set-Cookie2 headers of any response\nwhether or not the HTTPOnly flag was set for those cookies.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78144", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483145", "reference_id": "483145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357", "reference_id": "CVE-2009-0357", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-05", "reference_id": "mfsa2009-05", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/717-2/", "reference_id": "USN-717-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-2/" }, { "reference_url": "https://usn.ubuntu.com/717-3/", "reference_id": "USN-717-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334815?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334816?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.14-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/334817?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/334818?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@10.0.11" } ], "aliases": [ "CVE-2009-0357" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy16-tskh-aka5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@3.14" }